|
Log-Analyse und Auswertung: GVU Trojaner Windows 7 64 BitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.10.2013, 17:10 | #1 |
| GVU Trojaner Windows 7 64 Bit Hallo liebe Community, habe mir bereits einige der artverwandten Fälle angesehen und mich nun dazu entschlossen euch um eure fachkundige Hilfe zu bitten. Es handelt sich um den Computer eines guten Freundes von mir. Kleinere Probleme kriege ich in der Regel auch selbst beseitigt. Allerdings musste ich feststellen, dass bei ihm noch einiges mehr im Argen lag bzw. liegt. (In erster Linie bin ich aber schon hier wegen dem GVU-Trojaner. Der abgesicherte Modus mit Netzwerktreibern geht nicht, hatte ich gestern Abend schon kurz ausprobiert. Aber ich glaube er kann sich noch mit einem anderen Benutzer anmelden.) Java war nicht auf dem aktuellen Stand, er besucht offenbar teils recht "ominöse" Websites, verwendet bislang sonst auch gerne nicht aktuelle Software, ... . Konnte ihn nun tatsächlich von dem Sinn und Zweck des Leitfadens "Das sichere Windows System" von Paule (weiß nicht ob ich den Link hier posten darf) überzeugen. Der Gute hat mir versprochen in Zukunft mit Bedacht zu surfen und den Anschnallgurt anzulegen. Fahre später direkt zu ihm und werde versuchen die Log-Files zu posten, Frage vorab: Farbar's Recovery Scan Tool oder OTLPENet.exe von OldTimer ? Bereits im Voraus vielen Dank für eure Hilfe, Lou Schalter Edit: Bitte entschuldigt, hatte die Punkte überlesen: Ich habe Windows Vista, 7 oder 8 Erzeuge ein FRST-Logfile nach dieser Anleitung: Scan mit Farbar Recovery Scan Tool Ich habe Windows XP Erzeuge ein Logfile, das du mit OTLpe erstellt hast: Scan mit Otlpe => Werde mit FRST ein Logfile erstellen und gleich hier posten. Geändert von Lou Schalter (08.10.2013 um 17:39 Uhr) |
08.10.2013, 18:25 | #2 | |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Hi,
__________________Zitat:
Sobald das Log da ist, kann ich den Rechner entsperren.
__________________ |
08.10.2013, 21:42 | #3 |
| GVU Trojaner Windows 7 64 Bit Wenn ich im Abgesicherten Modus (sowohl Netzwerktreiber als auch Eingabeaufforderung) starten will bleibt es bei WINDOWS\system32\drivers\CLASSPNP.sys hängen und danach fährt sich der Rechner automatisch wieder selbst herunter.
__________________Bei der Auswahl von "Computer reparieren" in den erweiterten Startoptionen kommt der Fehler: Status 0xc000000e Info: Fehler bei der Startauswahl. Zugriff auf ein erforderliches Gerät nicht möglich. Hm. Da ist guter Rat teuer. Habe jetzt alles Moegliche versucht, mit OTLPE hatte ich schliesslich Erfolg. Hoffe das ist o.k. Mit FRST ging garnichts, da bin ich einfach nicht weiter gekommen. Hier die Logs. Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/8/2013 11:17:52 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 File not found htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64) "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64) "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "JNLP" = JNLP "TeamSpeak 3 Client" = TeamSpeak 3 Client < End of report > OLT.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/8/2013 11:17:52 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\qwave.dll -- (QWAVE) SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter) DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman) DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01 [binary data] IE - HKU\Administrator_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\Administrator_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AC 4D D3 F3 F7 CC 01 [binary data] IE - HKU\*****_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\*****_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87} [2011/12/20 21:09:49 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/03/11 12:08:03 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/02/12 16:56:10 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2010/02/15 16:52:08 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/12/20 21:09:48 | 000,025,560 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2011/12/20 21:09:48 | 000,140,760 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/12/20 21:09:48 | 000,067,032 | ---- | M] (mozilla.org) -- E:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2011/06/06 06:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/03/12 16:14:17 | 000,002,371 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [2011/05/15 21:20:36 | 000,000,849 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - E:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (no name) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - File not found O3 - HKU\Administrator_ON_F\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IAAnotif] File not found O4:64bit: - HKLM..\Run: [Launch LCore] File not found O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [MSC] File not found O4:64bit: - HKLM..\Run: [SoundMAX] File not found O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..) O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VirtualCloneDrive] File not found O4 - HKLM..\Run: [vmware-tray] File not found O4 - HKU\*****_ON_F..\Run: [Google Update] File not found O4 - HKU\*****_ON_F..\Run: [SpybotSD TeaTimer] File not found O4 - HKU\LocalService_ON_F..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\Administrator_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Domains: sony.com ([]* in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([http] in Trusted sites) O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([https] in Trusted sites) O15:64bit: - LocalService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - LocalService_ON_F\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - LocalService_ON_F\..Trusted Domains: soe.com ([]* in ) O15:64bit: - LocalService_ON_F\..Trusted Domains: sony.com ([]* in ) O15:64bit: - NetworkService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - NetworkService_ON_F\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - NetworkService_ON_F\..Trusted Domains: soe.com ([]* in ) O15:64bit: - NetworkService_ON_F\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - File not found O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - File not found O30 - LSA: Security Packages - (livessp) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER [2013/10/08 14:35:33 | 001,954,124 | ---- | C] (Farbar) -- F:\Users\Administrator\Desktop\FRST64.exe [2013/10/07 19:47:21 | 004,095,448 | ---- | C] (BrightFort LLC ) -- F:\Users\Administrator\Desktop\spywareblastersetup50.exe [2013/10/07 19:43:00 | 001,032,220 | ---- | C] (Thisisu) -- F:\Users\Administrator\Desktop\JRT.exe [2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/08 13:57:58 | 001,954,124 | ---- | M] (Farbar) -- F:\Users\Administrator\Desktop\FRST64.exe [2013/10/07 19:47:21 | 004,095,448 | ---- | M] (BrightFort LLC ) -- F:\Users\Administrator\Desktop\spywareblastersetup50.exe [2013/10/07 19:43:07 | 001,032,220 | ---- | M] (Thisisu) -- F:\Users\Administrator\Desktop\JRT.exe [2013/10/07 19:24:22 | 001,045,226 | ---- | M] () -- F:\Users\Administrator\Desktop\adwcleaner.exe [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/07 19:24:02 | 001,045,226 | ---- | C] () -- F:\Users\Administrator\Desktop\adwcleaner.exe [2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin [2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll [2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll [2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll [2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe [2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat [2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat [2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls [2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat [2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe [2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat [2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat [2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll [2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI [2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat [2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll [2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat [2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol [2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat [2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin [2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt [2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys [2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll [2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini [2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat [2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat [2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe [2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe [2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe [2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini [2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI [2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat [2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin ========== LOP Check ========== [2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente [2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes [2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy [2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic [2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files [2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen [2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} [2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT [2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job [2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences @Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8 @Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB @Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM @Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf @Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa @Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8 < End of report > |
08.10.2013, 22:12 | #4 |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Hallo, und du bist dir sicher, dass hier Malware das Problem ist? (Hat man den GVU-Sperrschirm gesehen?) In diesem Log kann ich keine Spur davon erkennen..
__________________ cheers, Leo |
08.10.2013, 22:19 | #5 |
| GVU Trojaner Windows 7 64 Bit Hallo Leo, der Form halber zunaechst einmal vielen Dank! Finde das toll, dass du mir bei der Sache weiter hilfst. Ja, ich bin mir sehr sicher. Sobald ich mich unter dem Benutzer anmelde kommt der Sperrschirm. Soll ich mal so starten und dir eine Hardcopy davon einstellen? Mit FRST habe ich es nicht hin bekommen, siehe obig beschriebene Fehlermeldung. Dann habe ich es mit OTLPE versucht. Ging zunaechst auch nicht, dann habe ich mir eine Start-CD damit erstellt und es hin bekommen. Sitze gerade am betroffenen Computer und nutze den InternetExplorer der Benutzeroberflaeche von der gebooteten CD. Soll ich mal bei den Scans ueberall auf ALL einstellen? Die Windows-Installation ist hier ein wenig merkwuerdig gestaltet ... es ist ein Raid, aber das System ist auf der Platte F so wie es aussieht. Edit Er hat gestern Abend offenbar noch diverse AntiMalware-Software installiert und mit einem dieser Programme drueber gebuegelt meint er gerade. Also vom Administrator-Benutzerkonto aus. Da kann man sich nach wie vor anmelden. Zudem hat er gestern Abend noch 30 Windows-Updates gestartet, welche es noch heruntergeladen hatte bevor der Rechner aus gegangen ist. Vorhin hat es mir beim Booten die ganze Zeit angezeigt, dass etwas beim Windows-Update schief gelaufen sei, es wuerde rueckgaengig gemacht werden, hernach konnte ich mich ganz normal als Admin anmelden. Habe dann mal unter dem Admin-Kondo prophylaktisch die Windows-Updates fuer den Moment wieder komplett rausgenommen, diese duerften uns jetzt gerade kaum weiterhelfen. Edit 2 Auf der Festplatte E sitzt auch noch ein Betriebtssystem, vielleicht hat es sich ja dort versteckt ... ? Hier die OLT.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/9/2013 12:26:53 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows Vista (TM) Ultimate Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008/05/01 20:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [Auto] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/14 19:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2010/06/17 17:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/06/07 07:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto] -- E:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc) SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/10/17 13:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/02/03 15:00:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV:64bit: - [2010/06/13 20:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010/04/26 22:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2010/04/26 22:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV:64bit: - [2010/04/26 22:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2010/03/18 21:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/12/07 16:32:51 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/09/30 10:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/09/09 14:25:14 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/09/09 13:17:41 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2008/02/28 21:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2008/02/28 21:17:00 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2008/02/28 21:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2008/02/28 21:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2008/02/28 21:16:28 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2008/01/19 02:47:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb) DRV:64bit: - [2008/01/19 02:34:08 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avc.sys -- (Avc) DRV:64bit: - [2008/01/19 02:34:06 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\61883.sys -- (61883) DRV:64bit: - [2008/01/19 02:34:04 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter) DRV:64bit: - [2007/02/16 10:36:21 | 000,065,312 | ---- | M] (Acronis) [File_System | Auto] -- E:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman) DRV:64bit: - [2007/01/12 12:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB) DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2010/06/13 20:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2006/07/24 10:05:00 | 000,005,632 | ---- | M] () [File_System | System] -- E:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\*****_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Lisa_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\*****\Music\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/11 21:28:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 21:09:49 | 000,000,000 | ---D | M] [2010/06/01 15:33:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Extensions [2010/06/05 22:12:15 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions [2009/11/19 07:39:36 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/05 22:12:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009/11/19 07:39:36 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\staged-xpis [2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions [2011/04/18 07:52:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/05 22:12:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/04/18 07:52:28 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87} [2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED} [2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe Flash) - {82E4700B-58F2-4AA0-8949-964B59155C87} - E:\Users\*****\AppData\Roaming\AdobeFlash\IE\AdobeFlash.dll (Adobe Systems, Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] E:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] E:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] E:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..) O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\*****_ON_E..\Run: [AutoStartNPSAgent] D:\Anwendungen\NewPCStudio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\*****_ON_E..\Run: [avupdate] File not found O4 - HKU\*****_ON_E..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\*****_ON_E..\Run: [DAEMON Tools Lite] D:\Anwendungen\Daemon\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\Lisa_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\Lisa_ON_E..\RunOnce: [FlashPlayerUpdate] E:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\*****_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - E:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: D:\#Sicherung\200SATA\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: D:\#Sicherung\200SATA\Internet Explorer Wallpaper.bmp O30:64bit: - LSA: Authentication Packages - (relog_ap) - E:\Windows\System32\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - E:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{325ed12e-aac4-11de-9084-00040ec6ee83}\Shell\AutoRun\command - "" = K:\installer.exe O33 - MountPoints2\{325ed12e-aac4-11de-9084-00040ec6ee83}\Shell\verb\command - "" = K:\installer.exe O33 - MountPoints2\{399d00a2-2fc5-11e0-a0cd-001a922d4236}\Shell - "" = AutoRun O33 - MountPoints2\{399d00a2-2fc5-11e0-a0cd-001a922d4236}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{399d00a9-2fc5-11e0-a0cd-001a922d4236}\Shell - "" = AutoRun O33 - MountPoints2\{399d00a9-2fc5-11e0-a0cd-001a922d4236}\Shell\AutoRun\command - "" = J:\Autorun.exe O33 - MountPoints2\{c86c8c10-d80a-11dc-9404-00040ec6ee83}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe O33 - MountPoints2\{fbb62ea3-9d70-11de-a731-00040ec6ee83}\Shell - "" = AutoRun O33 - MountPoints2\{fbb62ea3-9d70-11de-a731-00040ec6ee83}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER [2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin [2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll [2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll [2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll [2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe [2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat [2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat [2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls [2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat [2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe [2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat [2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat [2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll [2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI [2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat [2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll [2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat [2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol [2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat [2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin [2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt [2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys [2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll [2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini [2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat [2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat [2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe [2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe [2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe [2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini [2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI [2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat [2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin ========== LOP Check ========== [2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente [2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes [2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy [2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic [2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files [2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen [2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} [2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT [2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job [2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences @Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8 @Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB @Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM @Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf @Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa @Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8 < End of report > [/CODE] Geändert von Lou Schalter (08.10.2013 um 22:31 Uhr) |
08.10.2013, 22:38 | #6 | |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Hallo, Zitat:
Gehe bitte in diesen Admin-Account und mach dort einen FRST-Scan wie folgt: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> GVU Trojaner Windows 7 64 Bit |
09.10.2013, 00:10 | #7 |
| GVU Trojaner Windows 7 64 Bit Das hatte ich vorhin bereits probiert. Da hatte es dann als es bei SCHEDLGU.txt war erstmal gehangen, danach kam die Fehlermeldung Line 11324 File G{backslash}FRST64.exe Error in expression EDIT Bin gerade als Administrator angemeldet, habe mit FRST64 gescannt, hier die (leere) Logdatei: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by Administrator at 2013-10-09 00:49:59 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AutoIt Error Line 11324 (File "C:\Users\Administrator\Desktop\FRST64.exe"): Error: Error in Expression Und vorher, während dem Scannen hat sich Microsoft Security Essentials gemeldet und angezeigt: Von Security Essentials wurden unbekannte Elemente auf dem PC gefunden. (...) Dateipfad: C:\ProgramData\4wcl7hv.plz EDIT 2 Hier noch der Log von Gmer (auch auf dem Admin-Konto ausgeführt) Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-09 01:28:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Scsi\mv64xx1Port1Path0Target0Lun0 MARVELL_ rev.1.01 273,31GB Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwtoapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!GetInformation + 7 0000000010001047 18 bytes [10, 33, C4, 89, 44, 24, 1C, ...] .text C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!GetInformation + 26 000000001000105a 10 bytes [10, 8D, 4C, 24, 10, C7, 44, ...] .text ... * 11 .text C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!getSubProductCode + 6 00000000100010d6 3 bytes [A1, 94, D0] .text C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!getSubProductCode + 10 00000000100010da 8 bytes [10, 33, C4, 89, 84, 24, 20, ...] .text C:\Windows\system32\hasplms.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fb1465 2 bytes [FB, 76] .text C:\Windows\system32\hasplms.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fb14bb 2 bytes [FB, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072dc1a22 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072dc1ad0 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072dc1b08 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072dc1bba 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072dc1bda 2 bytes [DC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fb1465 2 bytes [FB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fb14bb 2 bytes [FB, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fb1465 2 bytes [FB, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fb14bb 2 bytes [FB, 76] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefd8d4ed0 9 bytes [68, 78, 03, FE, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefbc65c54 7 bytes [68, 08, 03, FE, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefbc65c64 9 bytes [68, 40, 03, FE, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefee617a0 9 bytes [68, B0, 03, FE, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000076e1f578 7 bytes JMP 0000000103340570 .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000076e2b0cc 7 bytes JMP 00000001033405a8 .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\kernel32.dll!CreateThread 0000000076cf6580 9 bytes JMP 00000001033404c8 .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefdaa75f0 7 bytes [68, E0, 05, 34, 03, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefd871180 10 bytes [68, C0, 06, 34, 03, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefd871320 7 bytes [68, 50, 06, 34, 03, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefd874450 6 bytes [68, 18, 06, 34, 03, C3] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefd876720 10 bytes [68, 88, 06, 34, 03, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefd8d4ed0 9 bytes [68, 78, 03, 34, 03, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefbc65c54 7 bytes [68, 08, 03, 34, 03, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefbc65c64 9 bytes [68, 40, 03, 34, 03, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefee617a0 9 bytes [68, B0, 03, 34, 03, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000076e1f578 7 bytes JMP 0000000102ff0570 .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000076e2b0cc 7 bytes JMP 0000000102ff05a8 .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\kernel32.dll!CreateThread 0000000076cf6580 9 bytes JMP 0000000102ff04c8 .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefdaa75f0 7 bytes [68, E0, 05, FF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefd871180 10 bytes [68, C0, 06, FF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefd871320 7 bytes [68, 50, 06, FF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefd874450 6 bytes [68, 18, 06, FF, 02, C3] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefd876720 10 bytes [68, 88, 06, FF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefd8d4ed0 9 bytes [68, 78, 03, FF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefbc65c54 7 bytes [68, 08, 03, FF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefbc65c64 9 bytes [68, 40, 03, FF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefee617a0 9 bytes [68, B0, 03, FF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000076e1f578 7 bytes JMP 0000000100bd0570 .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000076e2b0cc 7 bytes JMP 0000000100bd05a8 .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\kernel32.dll!CreateThread 0000000076cf6580 9 bytes JMP 0000000100bd04c8 .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefdaa75f0 7 bytes [68, E0, 05, BD, 00, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefd871180 10 bytes [68, C0, 06, BD, 00, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefd871320 7 bytes [68, 50, 06, BD, 00, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefd874450 6 bytes [68, 18, 06, BD, 00, C3] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefd876720 10 bytes [68, 88, 06, BD, 00, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefd8d4ed0 9 bytes [68, 78, 03, BD, 00, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefbc65c54 7 bytes [68, 08, 03, BD, 00, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefbc65c64 9 bytes [68, 40, 03, BD, 00, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefee617a0 9 bytes [68, B0, 03, BD, 00, C3, CC, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:5052] 0000000075df7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:3020] 000000006db50cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:4144] 0000000077032e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:3004] 0000000077033e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:10040] 0000000077033e85 ---- EOF - GMER 2.1 ---- Es ist spaet, frage mich gerade wo diese ominoese Partition G auf einmal herkommt ... jedenfalls ist hier auch ein Betriebssystem installiert. Hier die Logfiles. OTL.txt Code:
ATTFilter OTL logfile created on: 10/9/2013 2:58:46 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS Drive F: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive G: | 273.20 Gb Total Space | 17.53 Gb Free Space | 6.42% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\qwave.dll -- (QWAVE) SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter) DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman) DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01 [binary data] IE - HKU\Administrator_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\Administrator_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AC 4D D3 F3 F7 CC 01 [binary data] IE - HKU\*****_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\*****_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\NetworkService_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87} [2011/12/20 21:09:49 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/03/11 12:08:03 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/02/12 16:56:10 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2010/02/15 16:52:08 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/12/20 21:09:48 | 000,025,560 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2011/12/20 21:09:48 | 000,140,760 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/12/20 21:09:48 | 000,067,032 | ---- | M] (mozilla.org) -- E:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2011/06/06 06:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/03/12 16:14:17 | 000,002,371 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [2011/05/15 21:20:36 | 000,000,849 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - E:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (no name) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - File not found O3 - HKU\Administrator_ON_G\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - File not found O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IAAnotif] File not found O4:64bit: - HKLM..\Run: [Launch LCore] File not found O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [MSC] File not found O4:64bit: - HKLM..\Run: [SoundMAX] File not found O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..) O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VirtualCloneDrive] File not found O4 - HKLM..\Run: [vmware-tray] File not found O4 - HKU\*****_ON_G..\Run: [Google Update] File not found O4 - HKU\*****_ON_G..\Run: [SpybotSD TeaTimer] File not found O4 - HKU\LocalService_ON_G..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_G..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\Administrator_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\*****_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Domains: sony.com ([]* in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Ranges: Range1 ([http] in Trusted sites) O15:64bit: - *****_ON_G\..Trusted Ranges: Range1 ([https] in Trusted sites) O15:64bit: - LocalService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: soe.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: sony.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: soe.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - File not found O30:64bit: - LSA: Security Packages - (livessp) - File not found O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - File not found O30 - LSA: Security Packages - (livessp) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER [2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ] [1 E:\*.tmp files -> E:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin [2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll [2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll [2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll [2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe [2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat [2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat [2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls [2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat [2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe [2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat [2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat [2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll [2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI [2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat [2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll [2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat [2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol [2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat [2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin [2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt [2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys [2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll [2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini [2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat [2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat [2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe [2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe [2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe [2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini [2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI [2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat [2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin ========== LOP Check ========== [2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente [2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes [2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy [2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic [2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files [2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü [2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen [2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} [2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT [2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job [2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences @Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8 @Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB @Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM @Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf @Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa @Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 10/9/2013 2:58:46 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86) Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS Drive F: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive G: | 273.20 Gb Total Space | 17.53 Gb Free Space | 6.42% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 File not found htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64) "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64) "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\*****_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "JNLP" = JNLP "TeamSpeak 3 Client" = TeamSpeak 3 Client < End of report > Geändert von Lou Schalter (08.10.2013 um 23:33 Uhr) |
09.10.2013, 08:57 | #8 | |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Hallo, Zitat:
Wenn FRST nicht läuft, dann versuch bitte, im Admin-Account mit OTL (nicht OTLpe..) zu scannen wie folgt: Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
__________________ cheers, Leo |
09.10.2013, 18:52 | #9 |
| GVU Trojaner Windows 7 64 Bit Hi Leo, hier die Logs von OTL: (danke fürs nochmalige Erwähnen: "nicht OTLpe", sonst hätt' ich letzteres genommen) Code:
ATTFilter OTL logfile created on: 09.10.2013 19:42:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,13 Gb Available Physical Memory | 84,47% Memory free 23,98 Gb Paging File | 21,81 Gb Available in Paging File | 90,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273,20 Gb Total Space | 17,66 Gb Free Space | 6,46% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 313,53 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.10.09 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.07 22:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe PRC - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe PRC - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.03.26 00:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2010.12.11 20:17:48 | 000,358,944 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe PRC - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.05.18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2007.12.19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe MOD - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2013.10.08 00:48:41 | 000,060,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\ProgramData\vh7lcw4.pzz -- (Winmgmt) SRV - [2013.09.19 23:45:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.26 00:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.03.26 00:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.11 20:18:12 | 001,064,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.08.19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.07 09:49:58 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt) DRV:64bit: - [2012.11.07 09:49:54 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard) DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd) DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2012.03.03 01:17:20 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.03.03 01:17:16 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.03.03 01:17:14 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.03.03 01:17:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.03.26 00:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.03.26 00:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.03.26 00:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2011.03.26 00:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.03.25 23:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.03.25 21:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.03.25 21:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.07 20:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.03.23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2009.12.23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.23 16:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2009.09.16 16:26:18 | 000,331,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx) DRV:64bit: - [2009.08.10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2010.08.19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01 [binary data] IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.08.05 15:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2012.07.03 21:20:32 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 68.168.222.227 www.google-analytics.com. O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net. O1 - Hosts: 68.168.222.227 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Reg Error: Value error.) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11598DD2-21FD-4F1A-8609-82672B95369C}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD4187B-1E1C-4C45-B0AC-7C258A9EEF84}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE4204A-550C-44D7-BA0F-60B49CD5C464}: DhcpNameServer = 192.168.10.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.10.09 05:11:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.10.08 20:31:48 | 000,000,000 | ---D | C] -- C:\FRST [2013.10.08 02:03:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.10.08 02:02:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.10.08 02:02:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.10.08 02:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.10.08 02:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.10.08 02:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.10.08 02:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.10.08 02:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.10.08 02:02:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.10.08 02:02:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.10.08 02:02:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.10.08 02:02:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.10.08 02:02:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.10.08 02:02:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.10.08 02:02:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.10.08 02:02:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.10.08 01:52:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2013.10.08 01:51:02 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.10.08 01:51:02 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.10.08 01:51:01 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.10.08 01:50:57 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys [2013.10.08 01:50:56 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.10.08 01:50:55 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.10.08 01:50:55 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.10.08 01:50:55 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.10.08 01:50:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.10.08 01:50:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.10.08 01:50:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.10.08 01:50:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.10.08 01:50:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.10.08 01:50:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.10.08 01:50:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.10.08 01:50:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.10.08 01:50:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.10.08 01:50:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.10.08 01:50:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.10.08 01:50:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.10.08 01:50:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.10.08 01:50:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.10.08 01:50:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.10.08 01:50:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.10.08 01:50:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.10.08 01:50:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.10.08 01:50:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013.10.08 01:50:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.10.08 01:50:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.10.08 01:50:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.10.08 01:50:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.10.08 01:50:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.10.08 01:50:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.10.08 01:50:48 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013.10.08 01:50:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013.10.08 01:50:47 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013.10.08 01:50:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.10.08 01:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013.10.08 01:47:48 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL [2013.10.08 01:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster [2013.10.08 01:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster [2013.10.08 01:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013.10.08 01:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.10.08 01:40:09 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.10.08 01:40:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.10.08 01:39:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.10.08 01:39:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.10.08 01:39:58 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.10.08 01:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013.10.08 01:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.10.08 01:24:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013.10.08 01:18:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2013.10.08 01:18:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2013.10.08 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert [2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2013.10.08 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Razer [2013.10.08 01:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.10.08 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2013.10.08 01:15:23 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2013.10.08 01:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013.10.08 00:48:36 | 000,060,512 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\vh7lcw4.pzz ========== Files - Modified Within 30 Days ========== [2013.10.09 21:38:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.10.09 21:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.09 21:38:07 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys [2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff [2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl [2013.10.09 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.09 01:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job [2013.10.09 01:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job [2013.10.09 01:04:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.10.09 00:54:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.09 00:54:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.08 20:15:30 | 000,427,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.10.08 01:56:57 | 001,680,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.10.08 01:56:57 | 000,713,640 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.10.08 01:56:57 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.10.08 01:56:57 | 000,155,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.10.08 01:56:57 | 000,127,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.10.08 01:47:48 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk [2013.10.08 01:39:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.10.08 01:39:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.10.08 01:39:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.10.08 01:39:52 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.10.08 01:39:52 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.10.08 01:39:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.10.08 00:48:41 | 000,060,512 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\vh7lcw4.pzz [2013.10.08 00:48:32 | 000,180,224 | ---- | M] () -- C:\ProgramData\4wcl7hv.plz [2013.09.19 23:45:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.09.19 23:45:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.09.19 23:45:06 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe ========== Files Created - No Company Name ========== [2013.10.08 01:47:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk [2013.10.08 01:15:38 | 000,001,445 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.10.08 00:57:49 | 001,313,301 | ---- | C] () -- C:\ProgramData\vh7lcw4.pff [2013.10.08 00:48:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\vh7lcw4.ctrl [2013.10.08 00:48:32 | 000,180,224 | ---- | C] () -- C:\ProgramData\4wcl7hv.plz [2013.08.20 19:53:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.07.20 21:59:20 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.05.05 02:46:01 | 000,000,099 | ---- | C] () -- C:\Windows\wininit.ini [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.22 00:29:49 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.22 00:29:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.28 02:40:49 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 02:40:47 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.10.23 01:54:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm [2012.10.18 13:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.03 23:07:54 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll [2012.03.02 00:19:41 | 001,685,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.02 00:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP @Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw @Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX @Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr @Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.10.2013 19:42:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,13 Gb Available Physical Memory | 84,47% Memory free 23,98 Gb Paging File | 21,81 Gb Available in Paging File | 90,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273,20 Gb Total Space | 17,66 Gb Free Space | 6,46% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 313,53 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{041BCE83-F0B9-42D1-98BE-DDB265046063}" = lport=80 | protocol=6 | dir=in | name=war thunder | "{0805053A-2D43-46DB-B6E8-C95866660227}" = lport=443 | protocol=6 | dir=in | name=war thunder | "{0EC80031-90A4-47C4-9AF6-50E38B75A54B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0F0D9157-BC97-4A28-9567-A415DE507C11}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{17C41F29-DD98-478C-A980-412CA94CA2C0}" = lport=6881 | protocol=6 | dir=in | name=war thunder | "{1B3A2FEC-0698-4C0D-BB3D-22CAAF787117}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21463FB6-1085-48F8-9205-48761E89DDBE}" = lport=20443 | protocol=6 | dir=in | name=war thunder | "{2815342B-CB9F-4B0F-8C16-0836C3C21267}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2F9DF250-BCED-43F5-9F69-4722BA5895EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30E90380-F1DF-4901-A56C-2D139EC694D1}" = lport=33333 | protocol=6 | dir=in | name=war thunder | "{365C43FD-1ED3-4691-BD37-225EC7E54053}" = rport=10243 | protocol=6 | dir=out | app=system | "{3B7B4058-3EA7-4774-A62E-1B0F20D50C6F}" = lport=27022 | protocol=6 | dir=in | name=war thunder | "{4955C946-9F15-469B-8B89-DE4CF9D748DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{53B88C47-6B5D-4469-AD9F-1717E374E805}" = lport=6881 | protocol=6 | dir=in | name=war thunder | "{5AE90831-8968-482E-815E-B62FA82CA4DC}" = lport=58450 | protocol=6 | dir=in | name=pando media booster | "{5C3E00E0-90A5-4860-97E9-01BD041CFB1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C9FD667-CA31-4590-8763-62C0D354001D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{610A475D-04CE-41DC-9DB9-21DD0C4380B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{6306A43C-7079-4C06-A5FC-BDBC8E7845E8}" = lport=58450 | protocol=17 | dir=in | name=pando media booster | "{66F3C3EC-F97B-4AB9-A52F-DE90A0FF84D2}" = lport=27022 | protocol=6 | dir=in | name=war thunder | "{69D713A9-FEDC-4863-9FDF-A9DA627ABDF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6C21A427-567D-4834-8C34-0FA68FA01E65}" = lport=33333 | protocol=6 | dir=in | name=war thunder | "{6E91E018-6D08-4F28-B83A-F97215F2BDCA}" = lport=7850 | protocol=6 | dir=in | name=war thunder | "{6E9FF070-27A5-4C7E-B7E5-5A26D15317D1}" = lport=8090 | protocol=6 | dir=in | name=war thunder | "{72181C67-C0E7-4502-91B3-014CDB4FE2CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{838C401F-6CA0-4185-BC51-CD883082FCB5}" = lport=3478 | protocol=17 | dir=in | name=war thunder | "{96C3713B-196C-418E-AE7C-CB84EFC9C457}" = lport=443 | protocol=6 | dir=in | name=war thunder | "{9A0C4E94-4384-475F-84FF-583F564C38DC}" = lport=20010 | protocol=17 | dir=in | name=war thunder | "{A05CAD94-3CE1-4AEA-AA0C-1A7A0E0BCFCB}" = lport=7850 | protocol=6 | dir=in | name=war thunder | "{AAF928B3-6249-4ADA-96E3-5E8B463C7318}" = lport=20010 | protocol=17 | dir=in | name=war thunder | "{ABDE700B-565F-4D3E-81EE-FED88D82F7DE}" = lport=80 | protocol=6 | dir=in | name=war thunder | "{C8650C6D-76E7-4EFC-8344-63995A1077C6}" = lport=20443 | protocol=6 | dir=in | name=war thunder | "{D3FAACCA-4B0B-4E1D-AE9F-18E53669AA38}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D995391C-FB24-4D35-94B5-E6CCBB9713AB}" = lport=10243 | protocol=6 | dir=in | app=system | "{D9E68CE7-5CDC-4C5B-B415-80D0BBC033C5}" = lport=3478 | protocol=17 | dir=in | name=war thunder | "{DA058CD9-40ED-43BA-A059-20E7F3CF68DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DB460ABC-21A0-4747-B0B8-5BFB3041AB75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8825B2F-13A2-4046-86B5-6A30668ECD85}" = lport=58450 | protocol=17 | dir=in | name=pando media booster | "{EB2F7BA6-18A1-46DF-AC0D-B7DA18BA583B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F1462203-C1F7-4687-A23C-85BA2914B8EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F1A05989-01CE-4803-80E3-37887A65FB09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F8B62395-FFB8-4EDC-8C26-5364811074EC}" = lport=8090 | protocol=6 | dir=in | name=war thunder | "{FA0C5556-BFA4-43A2-B3D6-DBFD37ED810F}" = lport=58450 | protocol=6 | dir=in | name=pando media booster | "{FBEEF205-9E30-4CF0-99CE-AC321FB70BAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BD868C-FD52-4933-B88A-C8417DFE13BD}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | "{0275CBC9-B9BB-40D6-B2CB-059DA4F2CC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "{031CD01C-3FB8-4A03-82B4-1B49CC5B9D85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{049DAD6C-F750-415B-8CAF-D38814DA0F87}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{0513EA52-9DC4-4FB7-82D5-33AD118AFD13}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{05C72326-50DE-43C5-9CBE-29726CFE721E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{08070037-EE8D-4D55-A57B-97EAE4D4C3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0F8E0939-6F0E-43BC-A7D9-303BE8F2BB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{113419EF-5D14-469B-AE21-CF469CB0E222}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | "{12917B2D-C70C-4961-9784-C9B51F489016}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{16808560-D3CC-4BAD-8BE6-2AD598DBE107}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{1A5F6987-38B6-46D4-84DF-0C396DC3AF92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1ADABC35-509D-429B-8CB9-69F9599C2ED0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{1B89B5D8-057C-4B2A-B2BA-CC9FFEFC3813}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | "{1EDBC7DB-4604-49C8-8E98-FA3330750C00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{21F34AFA-67E9-4D68-9A08-3ECD20CD353C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe | "{2278786D-13E6-4E1F-9CAE-5946B7F92382}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{23AE1166-4F85-48E0-8835-AE3B1832A7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{26957A25-D5B8-4D50-B427-B5E901DF06CF}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | "{2828F2F1-FF4B-435A-9C1A-A43A61E22CEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{2C0938F1-97BA-4CEE-9F1E-A4CF9D6EFA24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | "{2ED26C03-0F60-4DB8-838C-B05D6942A7E1}" = dir=in | app=c:\windows\system32\hasplms.exe | "{3090C7B3-06AE-416C-BF48-E08C473D38B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{336FE4D9-B5C5-433B-ACA2-48FE99F38072}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{34322A03-4144-4FCF-B157-C748FEFDE7F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{385C7191-8E30-4D59-B368-BB5C1BEF498B}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "{43B288F5-130B-406E-A447-F17F79D32344}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{45D18C22-76C0-4176-9671-C58D88BD8F18}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | "{4A88F78F-4876-4AFE-BD47-B77DEC2296F4}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{4CBE7146-A7E6-47CE-A1A8-B5540A3F7B51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4ED9F4EC-2ED8-4948-A690-740B1CC70F77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4F09FA49-E30A-4F12-A22A-4A364DF84DE9}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | "{517D58F3-7967-4A20-A21A-93DE266419AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{51C99D30-A920-4286-B8EA-EF769339FECE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{533B6B7F-079E-4255-BFE6-9C8895A6127E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{562C9129-D4C2-4F77-A8D4-AE0CA62D89A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | "{58BB5F4C-509B-43AA-86B9-D9B224ACCA37}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | "{609AACF0-4FF7-463B-9A09-55349F6F6FD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{627F33BA-D876-4266-8710-F86180498D0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6350022A-7BFF-4B72-B05D-627DE0424078}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{63855988-6EC1-45DA-AAE2-66172D85BB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{63FFD871-9CBD-4D11-B688-872CE95B2172}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | "{64B1F469-0617-41DA-B24A-C3ACF668D1A4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{685E88BB-7A53-48C4-8533-E58BD32A470B}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{6B6DB0F4-33DE-4421-BE5F-A53B82945762}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6BEA41D0-7BAA-4B8D-9521-98ED5C07BEE9}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | "{6C4DADBF-00D2-42C0-86DE-31A9F09853C8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{6D770FB3-9FCE-42E6-A7F6-07A812A221D6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{6F708AA9-F12C-48DA-AB81-91D7E8DD3BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | "{717652E7-E9D8-4E28-BD0B-BD588A355D69}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{72C0C221-D09E-4E7C-8971-F624C329F2FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{7343813F-51F7-45D7-A98E-8130638C9293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{73C7AA5E-6C07-4BEB-BE46-3EF4525E1ED6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{76BA101E-437A-4207-BC67-2A631856840C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7A5BD92E-60E8-4520-8AA3-22897019673C}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{7BA40122-01DA-4B85-A646-745159EECEA4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{7C592E07-DB00-41F3-B551-9F1E32119350}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{814DF18C-641E-4F1E-9882-8071B5EB3EC4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{824F6E93-7DDA-4E50-A736-E940D34E4DC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{85B9F90F-214D-4CED-801C-0F840483CE06}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{8A0A3ED0-F350-47C2-A937-C7A20B80DF6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BF32488-7DEE-44F9-8932-ACEDE15F92E6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{8EFB36D1-6693-41A5-8CE0-056D27DE3655}" = protocol=17 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | "{993BDBF9-A5A7-4302-82CE-5D661DB643A8}" = protocol=6 | dir=out | app=system | "{9A7E9D20-B845-451C-815C-350B4C098E02}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | "{A2D30372-E6E7-4904-9DBB-479436C9429E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{A33DE1A7-7E99-4034-A971-CB38223E8D17}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A3C8F432-459F-4CC2-BE53-93C50D170876}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{A8F9240A-862F-4C84-92D6-0E5FC3BDE145}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{AACC15C5-0AC0-47C8-8016-9A674473C726}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | "{ABFF51FE-6B79-42D1-9B08-A751B800ABAA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ACEBA7E2-7200-44B1-920C-B2D0CE527800}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "{AFD4055D-F339-414C-BB98-E0D1FA32A14D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{B2800A25-F1F6-4283-B0C2-8465D531105D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "{B61DC346-C285-40D4-98BA-2045B6AEB7AB}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "{B62DE640-DF77-4BB3-982E-F50D044A4FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{B65C42C8-1112-4D6E-B1E1-717D303883C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{B6AC4BA6-CA25-414B-B9F2-A4F73BB2A11B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{B972066D-7D0C-4850-8884-DBBCE549C225}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BB1899E8-109E-4659-9A63-A1D6382EA45C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{BB45FFF7-47B0-4784-86EF-DBEE8FAD0376}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{BCCEC534-81AF-4A8E-A43C-39B7227E373F}" = protocol=6 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | "{BF0A0A04-B9F7-4E9C-AD0F-EBA278CD6633}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{BFB338AC-DAC6-4126-A911-49812FC824E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{BFE19329-87FC-4ED1-ACED-36663644AEB8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C0F3A06C-820D-483B-ADE2-EC6D5393A180}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C23EC837-13D8-49EE-B9A4-CE7A4CBA51EE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{C3E6226C-5ADA-4AA6-AA96-6158FBE622C8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "{C4495D5B-EE5B-4481-8335-7A963D1E7924}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{C6CCC671-4726-4472-A5ED-76116B5BE22F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{C71F4C5E-35A1-4B01-B759-5C46E6150102}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C783DB10-C5A0-4831-ACB8-0A19E4E91CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{CAC30814-02A9-4CD3-BE40-B4CFF458BDD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CC3ECC34-D6EB-4084-B62C-34D7704C679A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{CDD89E04-545E-4727-9300-5FDC44B397DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{CE5602DF-7B9F-40BE-B2A4-EDA5EC5ADEBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{CF75015E-0144-4023-923C-06F46C04CBCC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D09D215C-46C1-4F01-B338-ED6AAF2BBB5C}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | "{D3F88BFE-7A6D-48B4-A3F6-542B7779CA64}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{D5788B80-9F9A-40AD-8AF4-FFCB7AF9046C}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{DD7B4AB7-F33E-4999-B372-377ECADDE39E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD96DCD5-A4A8-46DF-BF93-1F74871162D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{DDFB45FF-8963-4491-9C53-CFB9927CAEB2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{E4A5EC19-BD79-453F-90C3-522EB18FE925}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E56B7801-1C2E-4A58-930D-7A98EA4A221A}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | "{E9921D88-D850-436A-A819-94F9989F2080}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EDB12D78-262B-4031-8CB6-3DE923853FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{F11D0917-2FAA-44D2-A4C3-0CCD38DADECD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe | "{F12251A2-9809-4851-92EC-668D3D394601}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{F3415043-5083-4638-A372-146D50E4B1F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F40F5E1C-8B56-4DE7-A7DF-7C2B30A1E022}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{F5EE74CE-2E58-41C4-82B7-17DF64A2F074}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "{FB0C2BA0-FE50-4750-9E24-E71E8AEF954E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FC9C145A-A02D-426E-84BC-E66E0DA3733D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCC736DC-1ED3-4BFC-A248-096608C2E0CE}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | "{FCD5E02C-834D-4ACF-9B6F-02E8DDD27F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{FE9A56DC-1D68-420D-84E0-B6C07A00B448}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "{FEB7362F-9909-4C1B-8841-7448E736BB01}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | "TCP Query User{0277EAEB-C7DA-4306-B961-EB9BD1007115}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{06D130BD-7E7A-41E1-8A9C-565650BA6C2E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{139EF40A-EDBA-48A6-9F24-1A4FBB95012C}C:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe | "TCP Query User{2FBDD666-3D9C-47A1-B4E1-B953E0EFD5CA}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{3209600D-473D-4F8D-B37D-94E94C5F619F}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | "TCP Query User{3E28EB28-1E84-4FE4-8C79-9E8ABBB1A90F}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{8091DD60-F51C-4B73-867C-0EBA126ECFF5}C:\users\*****\appdata\roaming\paabyw\yxeno.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\paabyw\yxeno.exe | "TCP Query User{8374D1FF-91B9-4A66-8970-AC1B87B2BF5F}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "TCP Query User{A14AC6B5-838E-46DA-9C72-A28EDD9137A0}C:\users\*****\appdata\roaming\rybe\pays.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\rybe\pays.exe | "TCP Query User{A741BADC-D60A-4462-BBCB-6B250AB57B45}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | "TCP Query User{A8AF028F-6634-4CAC-8A2A-638A99DF4D73}D:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "TCP Query User{C78436BC-8D98-463D-A144-2EBDEBEDCEFA}E:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{D1032DF4-5673-428D-9C77-D45EBD65216D}C:\users\*****\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | "TCP Query User{FDF857FF-268E-41F6-9647-29278D088F37}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{1779D395-10B6-44F5-8002-1BD1E854FE1A}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | "UDP Query User{4C008A4B-2271-4208-817E-23CD14707C16}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "UDP Query User{84B6DCBD-1008-41F1-B58E-47547DCC3245}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{88D1FC30-1D23-4F90-AA3B-22EE2A2BD08E}C:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe | "UDP Query User{8E3F20B3-91B4-4E6A-8EFB-B9B33647F10D}C:\users\*****\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | "UDP Query User{A72B61F8-1873-4695-89F4-4EFBA1514353}C:\users\*****\appdata\roaming\rybe\pays.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\rybe\pays.exe | "UDP Query User{A860AB25-5E62-4881-AA33-AB62630A233E}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{A8FC0A65-4EA9-41E5-AC53-3D4FCAC93336}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{AC261C5A-1244-4B32-B519-F3FB731AF317}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{B3DE29B2-E2EA-4367-8176-8EC66BCE62B2}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | "UDP Query User{B47A89E3-6E80-4A7A-89C5-88842902AD4E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{D560999C-09BF-4943-98E2-DB9D6AFE8356}E:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{E6B865E6-9FA3-4412-B57B-6A9E6F903E4A}D:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | "UDP Query User{F065CDF5-A64E-4BE4-BBC7-416D2BBBC73D}C:\users\*****\appdata\roaming\paabyw\yxeno.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\paabyw\yxeno.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64) "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{371F27A1-9502-4762-AE97-1C1938B21055}" = Avid Pro Tools SE 8.0.3 "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian "{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52C7650B-B2A0-4682-BDBE-CDEFE0522F4F}" = PC VGA Camer@ "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARDR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARDR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARDR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARDR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARDR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARDR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARDR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.06 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish "{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common "{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse "{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™ "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVMWLANCLI" = AVM FRITZ!WLAN "Battlelog Web Plugins" = Battlelog Web Plugins "Browser Defender_is1" = Browser Defender 2.0.6.15 "Company of Heroes" = Company of Heroes "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Guild Wars 2" = Guild Wars 2 "Host OpenAL (ADI)" = Host OpenAL (ADI) "InstallShield_{52C7650B-B2A0-4682-BDBE-CDEFE0522F4F}" = PC VGA Camer@ "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Basic) "mv61xxDriver" = marvell 61xx "Office14.STANDARDR" = Microsoft Office Standard 2010 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Security Task Manager" = Security Task Manager 1.8d "Spyware Doctor" = Spyware Doctor 7.0 "SpywareBlaster_is1" = SpywareBlaster 5.0 "StarCraft II" = StarCraft II "Steam App 105430" = Age of Empires Online "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ "Steam App 236390" = War Thunder "Steam App 24200" = DC Universe Online "Steam App 49520" = Borderlands 2 "Steam App 55150" = Warhammer 40,000 Space Marine "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™ "Steam App 570" = Dota 2 "Uplay" = Uplay "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.0 "VMware_Workstation" = VMware Workstation ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.06.2013 04:28:27 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 25.06.2013 21:48:14 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 26.06.2013 13:46:54 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2013 16:05:45 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 28.06.2013 17:24:29 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 29.06.2013 18:14:23 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2013 07:34:56 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2013 14:36:42 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2013 13:32:08 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2013 22:25:09 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 09.10.2013 13:44:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:44:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:45:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:45:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:46:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:46:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:47:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:47:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:48:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error - 09.10.2013 13:48:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 < End of report > |
09.10.2013, 20:46 | #10 |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Ok, das passt. Dann im Admin-Konto weiter wie folgt: Schritt 1 Scan mit Combofix
Schritt 2 Starte bitte die OTL.exe.
__________________ cheers, Leo |
10.10.2013, 07:32 | #11 |
| GVU Trojaner Windows 7 64 Bit Hi Leo, hier die Logfiles: Code:
ATTFilter ComboFix 13-10-09.01 - Administrator 10.10.2013 7:54.1.8 - x64 ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\4wcl7hv.plz c:\programdata\dsgsdgdsgdsgw.pad c:\programdata\vh7lcw4.pzz c:\users\*****\3730873.exe c:\users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\*****\npwmsdrm.dll c:\windows\npwmsdrm.dll D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-10 bis 2013-10-10 )))))))))))))))))))))))))))))) . . 2013-10-10 06:00 . 2013-10-10 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-10 06:00 . 2013-10-10 06:00 -------- d-----w- c:\users\*****\AppData\Local\temp 2013-10-08 22:57 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3B20919-56B4-444B-A0D3-C65A7F9B6497}\mpengine.dll 2013-10-08 18:31 . 2013-10-08 18:31 -------- d-----w- C:\FRST 2013-10-08 00:03 . 2013-10-08 00:05 -------- d-----w- c:\windows\system32\MRT 2013-10-07 23:52 . 2013-10-07 23:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2013-10-07 23:51 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll 2013-10-07 23:51 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-10-07 23:51 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-10-07 23:51 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-10-07 23:51 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-10-07 23:51 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-10-07 23:51 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-10-07 23:51 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-10-07 23:51 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-10-07 23:51 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-10-07 23:47 . 2013-10-07 23:47 -------- d-----w- c:\programdata\Licenses 2013-10-07 23:47 . 2009-03-24 10:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-10-07 23:47 . 2013-10-07 23:49 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-10-07 23:40 . 2013-10-07 23:40 -------- d-----w- c:\programdata\Oracle 2013-10-07 23:40 . 2013-10-07 23:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-07 23:40 . 2013-10-07 23:39 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-10-07 23:39 . 2013-10-07 23:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-07 23:39 . 2013-10-07 23:39 -------- d-----w- c:\program files (x86)\Java 2013-10-07 23:24 . 2013-10-07 23:25 -------- d-----w- C:\AdwCleaner 2013-10-07 23:18 . 2013-10-07 23:18 -------- d-----w- c:\users\Administrator\AppData\Local\Threat Expert 2013-10-07 23:15 . 2013-10-07 23:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\ATI 2013-10-07 23:15 . 2013-10-07 23:15 -------- d-----w- c:\users\Administrator\AppData\Local\ATI 2013-10-07 23:15 . 2013-10-07 23:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Razer 2013-10-07 23:15 . 2013-10-07 23:15 -------- d-----w- c:\users\Administrator\AppData\Local\Logitech 2013-10-07 23:02 . 2013-10-10 06:02 -------- d-----w- c:\programdata\VMware 2013-10-07 20:25 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-29 11:43 . 2013-09-29 12:04 -------- d-----w- c:\users\*****\AppData\Local\SCE 2013-09-10 18:17 . 2013-09-10 18:19 -------- d-----w- c:\users\*****\AppData\Roaming\PACE Anti-Piracy 2013-09-10 18:17 . 2013-09-10 18:17 -------- d-----w- c:\users\*****\AppData\Local\PACE Anti-Piracy . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 05:45 . 2012-11-12 11:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-10 05:45 . 2012-03-01 21:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-10 05:45 . 2012-11-12 12:45 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-10-07 23:39 . 2012-03-04 16:42 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-09-15 17:53 . 2013-03-21 22:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-09-15 17:52 . 2013-03-22 21:58 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-09-15 17:52 . 2013-03-21 22:29 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-09-06 21:37 . 2013-09-06 21:37 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D63563FB-9D56-4649-8722-020D83192E35}\gapaengine.dll 2013-09-01 15:08 . 2012-03-01 21:15 79143768 ----a-w- c:\windows\system32\MRT.exe 2013-08-22 20:33 . 2012-06-13 06:11 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-20 17:54 . 2013-03-21 22:29 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-08-20 09:16 . 2013-08-20 17:53 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe 2013-08-02 01:48 . 2013-10-07 23:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648] "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-23 77824] "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ vh7lcw4.lnk - c:\windows\System32\rundll32.exe c:\progra~3\4wcl7hv.plz,GL300 [2009-7-14 45568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 ajlvsasx;ajlvsasx;c:\windows\system32\drivers\ajlvsasx.sys;c:\windows\SYSNATIVE\drivers\ajlvsasx.sys [x] R1 crtjnuyc;crtjnuyc;c:\windows\system32\drivers\crtjnuyc.sys;c:\windows\SYSNATIVE\drivers\crtjnuyc.sys [x] R1 eaarkkjg;eaarkkjg;c:\windows\system32\drivers\eaarkkjg.sys;c:\windows\SYSNATIVE\drivers\eaarkkjg.sys [x] R1 ktmujbzd;ktmujbzd;c:\windows\system32\drivers\ktmujbzd.sys;c:\windows\SYSNATIVE\drivers\ktmujbzd.sys [x] R1 ptqllcii;ptqllcii;c:\windows\system32\drivers\ptqllcii.sys;c:\windows\SYSNATIVE\drivers\ptqllcii.sys [x] R1 rlffuili;rlffuili;c:\windows\system32\drivers\rlffuili.sys;c:\windows\SYSNATIVE\drivers\rlffuili.sys [x] R1 rmtofanc;rmtofanc;c:\windows\system32\drivers\rmtofanc.sys;c:\windows\SYSNATIVE\drivers\rmtofanc.sys [x] R1 ubqgdokm;ubqgdokm;c:\windows\system32\drivers\ubqgdokm.sys;c:\windows\SYSNATIVE\drivers\ubqgdokm.sys [x] R1 varehocl;varehocl;c:\windows\system32\drivers\varehocl.sys;c:\windows\SYSNATIVE\drivers\varehocl.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys;c:\windows\SYSNATIVE\Drivers\CYUSB.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x] R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [x] S0 mv64xx;mv64xx;c:\windows\system32\DRIVERS\mv64xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv64xx.sys [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 05:45] . 2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 15:25] . 2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 15:25] . 2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 15:30] . 2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 15:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358944] "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{C4415769-1588-4AD6-9624-B2E69DB78D1A} - (no file) BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-VMware_Workstation - c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{472734EA-242A-422B-ADF8-83D1E48CC825}"=hex:51,66,7a,6c,4c,1d,3b,1b,fa,2b,35, 5d,1a,75,4c,0c,b3,f7,c3,91,e0,ce,8a,38 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,cd, 02,9d,b9,e4,0c,bb,99,ba,17,88,6c,ff,de "{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}"=hex:51,66,7a,6c,4c,1d,3b,1b,0b,22,1d, 30,39,58,93,01,ac,7d,20,dc,ca,22,16,fa "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,66,62, 49,44,3e,34,63,38,4b,60,2d,7d,00,0a,52 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,06, 6c,c0,87,4b,08,a8,e4,94,9a,f5,9b,6f,5e "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22, 8a,32,1d,d8,04,90,c3,11,24,72,4a,21,db "{90EFF544-3981-4D46-85C9-C0361D0931D6}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,ea,fd, 8a,b1,68,21,03,9b,c6,80,76,19,4b,73,cb "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1, ae,11,5f,3e,07,a4,2d,02,f3,04,cc,40,e2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,da, c1,75,f5,3c,0d,a2,7b,dc,65,c5,87,ca,b4 "{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,3b,1b,59,34,81, f4,f0,84,7e,03,bd,d5,8e,48,4d,67,cf,fb . [HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:35,17,e3,eb,78,c4,ce,01 . [HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,2b,ad,d6,53,b4,4d,4f,80,97,e5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,2b,ad,d6,53,b4,4d,4f,80,97,e5,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\avmwlanstick\WlanNetService.exe c:\windows\system32\hasplms.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Razer\DeathAdder\razertra.exe c:\program files (x86)\Razer\DeathAdder\razerofa.exe c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-10-10 08:13:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-10-10 06:13 . Vor Suchlauf: 11 Verzeichnis(se), 18.532.544.512 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 20.958.351.360 Bytes frei . - - End Of File - - F5F1E32134A5E803033A6649432EE4E3 87D88FA4D3EFD4431866EA91949644BF Code:
ATTFilter OTL logfile created on: 10.10.2013 08:17:03 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 10,01 Gb Available Physical Memory | 83,48% Memory free 23,98 Gb Paging File | 21,87 Gb Available in Paging File | 91,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273,20 Gb Total Space | 19,62 Gb Free Space | 7,18% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 313,55 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.10.09 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe PRC - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.03.26 00:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2010.12.11 20:17:48 | 000,358,944 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe PRC - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.12.19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe MOD - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2013.10.10 07:45:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.26 00:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.03.26 00:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.11 20:18:12 | 001,064,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.08.19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.11.07 09:49:58 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt) DRV:64bit: - [2012.11.07 09:49:54 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard) DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd) DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2012.03.03 01:17:20 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.03.03 01:17:16 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.03.03 01:17:14 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.03.03 01:17:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.03.26 00:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.03.26 00:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.03.26 00:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2011.03.26 00:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.03.25 23:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.03.25 21:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.03.25 21:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.07 20:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.03.23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2009.12.23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.23 16:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2009.09.16 16:26:18 | 000,331,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx) DRV:64bit: - [2009.08.10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2010.08.19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 23 21 02 80 C5 CE 01 [binary data] IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.08.05 15:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2013.10.10 08:08:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Reg Error: Value error.) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11598DD2-21FD-4F1A-8609-82672B95369C}: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD4187B-1E1C-4C45-B0AC-7C258A9EEF84}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE4204A-550C-44D7-BA0F-60B49CD5C464}: DhcpNameServer = 192.168.10.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.10.10 08:08:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.10.10 07:51:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.10.10 07:51:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.10.10 07:51:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.10.10 07:50:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.10.10 07:49:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.10.08 20:31:48 | 000,000,000 | ---D | C] -- C:\FRST [2013.10.08 02:03:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.10.08 01:52:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2013.10.08 01:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013.10.08 01:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster [2013.10.08 01:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster [2013.10.08 01:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013.10.08 01:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.10.08 01:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013.10.08 01:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.10.08 01:24:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013.10.08 01:18:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2013.10.08 01:18:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2013.10.08 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert [2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2013.10.08 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Razer [2013.10.08 01:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.10.08 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2013.10.08 01:15:23 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2013.10.08 01:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware ========== Files - Modified Within 30 Days ========== [2013.10.10 08:17:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.10 08:17:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.10 08:09:40 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.10.10 08:08:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.10.10 08:08:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.10.10 08:06:50 | 001,659,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.10.10 08:06:50 | 000,713,640 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.10.10 08:06:50 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.10.10 08:06:50 | 000,155,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.10.10 08:06:50 | 000,127,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.10.10 08:02:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.10 08:02:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.10 08:02:29 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys [2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff [2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl [2013.10.09 21:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job [2013.10.09 01:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job [2013.10.08 20:15:30 | 000,427,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.10.08 01:47:48 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe ========== Files Created - No Company Name ========== [2013.10.10 07:51:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.10.10 07:51:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.10.10 07:51:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.10.10 07:51:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.10.10 07:51:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.10.08 01:47:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk [2013.10.08 01:15:38 | 000,001,445 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.10.08 00:57:49 | 001,313,301 | ---- | C] () -- C:\ProgramData\vh7lcw4.pff [2013.10.08 00:48:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\vh7lcw4.ctrl [2013.08.20 19:53:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.07.20 21:59:20 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.05.05 02:46:01 | 000,000,099 | ---- | C] () -- C:\Windows\wininit.ini [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.22 00:29:49 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.22 00:29:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.10.23 01:54:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm [2012.10.18 13:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.03 23:07:54 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll [2012.03.02 00:19:41 | 001,685,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.02 00:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.10.08 01:15:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Razer [2013.06.16 23:43:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2012.03.03 01:32:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Acronis [2013.09.10 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Digidesign [2013.02.17 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2012.03.04 00:51:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient [2012.06.14 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient2 [2013.08.01 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2013.09.10 20:19:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PACE Anti-Piracy [2012.03.03 23:11:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer [2013.10.08 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP @Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw @Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX @Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr @Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI < End of report > Code:
ATTFilter 09.10. Trojan:JS/Reveton.A 08.10. Trojan:Win32/Reveton.V 08.10. Trojan:Win32/Reveton.V (Eintrag doppelt) 06.10. Exploit:Java/CVE-2013-2465 und bei "unter Quarantäne gestellte Elemente": 09.10.13 Trojan:JS/Reveton.A 08.10.13 Trojan:Win32/Reveton.V 05.05.13 Trojan:Win32/Urausy.C 21.03.13 PWS:Win32/Zbot 18.03.13 Exploit:Win64/Anogre.gen!A 26.02.13 Exploit:Win64/Anogre.gen!A 23.02.13 Exploit:Win64/Anogre.gen!A 18.01.13 Exploit:Win64/Anogre.gen!A 06.01.13 Trojan:Win32/Meredrop 28.12.12 Trojan:Win32/Reveton!Ink (jeweils unterschiedliche Uhrzeiten) 28.12.12 Trojan:Win32/Reveton!Ink 28.12.12 Trojan:Win32/Reveton!Ink 28.12.12 Trojan:Win32/Reveton!Ink 28.12.12 Trojan:Win32/Reveton!Ink |
10.10.2013, 09:36 | #12 |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Hi, ich seh da einen Hinweis im Log, dass auch noch ein Bootkit (schätzungsweise Wistler; ein Befall des MBR = Masterbootsektors) vorliegt... Dem müssen wir danach auch unbedingt noch nachgehen. Aber zuerst zum Sperrbildschirm: Mach bitte folgenden OTL-Fix im Admin-Konto. Kannst du danach den Rechner wieder normal in das betroffene Benutzerkonto starten, ohne dass dir irgendwas den Weg versperrt?
Code:
ATTFilter :OTL [2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff [2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl [2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP @Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw @Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX @Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr @Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI :files c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vh7lcw4.lnk :commands [emptytemp]
__________________ cheers, Leo |
10.10.2013, 19:21 | #13 |
| GVU Trojaner Windows 7 64 Bit Hier der Log vom OTL Fix: Code:
ATTFilter All processes killed ========== OTL ========== C:\ProgramData\vh7lcw4.pff moved successfully. C:\ProgramData\vh7lcw4.ctrl moved successfully. C:\ProgramData\kuksclqtviclkhm moved successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP deleted successfully. ADS C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw deleted successfully. ADS C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX deleted successfully. ADS C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr deleted successfully. ADS C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk deleted successfully. ADS C:\ProgramData\TEMP:5C321E34 deleted successfully. ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully. ADS C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI deleted successfully. ========== FILES ========== c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vh7lcw4.lnk moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 18806 bytes ->Temporary Internet Files folder emptied: 225863737 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1783 bytes User: All Users User: ***** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1392778 bytes ->Java cache emptied: 2455154 bytes ->Google Chrome cache emptied: 225237102 bytes ->Flash cache emptied: 10983 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8410484 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 442,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10102013_201521 Files\Folders moved on Reboot... C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C50ECY5D\142714-gvu-trojaner-windows-7-64-bit-2[1].htm moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2476.log moved successfully. File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Jawoll, bin jetzt wieder unter dem normalen Benutzer angemeldet. |
10.10.2013, 20:13 | #14 |
/// TB-Ausbilder | GVU Trojaner Windows 7 64 Bit Ok, dann ab jetzt im betroffenen Konto weitermachen: Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ cheers, Leo |
10.10.2013, 20:17 | #15 |
| GVU Trojaner Windows 7 64 Bit Er frägt mich ob ich von Version 2.8.13.0 auf Version 3.0.0.12 updaten will. Denke das dürfte nix schaden, ich update mal. |
Themen zu GVU Trojaner Windows 7 64 Bit |
aktuelle, anderen, benutzer, besucht, computer, direkt, farbar recovery scan tool, frage, guten, lag, link, modus, netzwerk, probleme, recht, recovery, scan, software, surfen, system, tool, trojaner, websites, windows, windows 7, zweck |