Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internet Explorer starts on its own. According to Task Manager, several instances of it. (https://www.trojaner-board.de/121318-internet-explorer-startet-allein-laut-taskmanager-mehrere-instanzen-davon.html)

Lyppi 05.08.2012 16:14

Internet Explorer starts on its own. According to Task Manager, several instances of it.
 
Hello everyone,

For the past 2-3 days I have had the problem that my Internet Explorer (which I don't actually use at all; I use Firefox) opens by itself. When I notice it, I close it again immediately, open Task Manager and try to close all running Internet Explorer processes.

Since this method only fixes the problem temporarily while the cause remains, I am now turning to this board.

Unfortunately my antivirus program found nothing, and Malwarebytes put a few things in quarantine. But 2 of them apparently could not be fixed, not even after a reboot.

Malwarebytes log:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Torialla :: TORIALLA-PC [Administrator]

Schutz: Aktiviert

05.08.2012 14:35:28
mbam-log-2012-08-05 (14-35-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205031
Laufzeit: 2 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Torialla\AppData\Roaming\Identities\{37A94899-AEE8-4882-96D1-13DE4582C0BC}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Torialla\AppData\Roaming\Identities\{37A94899-AEE8-4882-96D1-13DE4582C0BC}\LicenseValidator.exe (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL log:
Code:

OTL logfile created on: 05.08.2012 16:50:50 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Torialla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 53,99% Memory free
8,00 Gb Paging File | 6,27 Gb Available in Paging File | 78,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,01 Gb Total Space | 11,48 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive D: | 382,75 Gb Total Space | 33,81 Gb Free Space | 8,83% Space Free | Partition Type: NTFS
 
Computer Name: TORIALLA-PC | User Name: Torialla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 14:59:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.29 10:55:26 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2012.05.29 10:55:26 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\FSGK32.EXE
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.24 16:25:29 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2012.04.24 16:23:51 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2009.11.18 18:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSM32.EXE
PRC - [2009.11.18 18:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009.11.18 18:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009.11.18 18:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsgk32st.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.18 18:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009.11.18 18:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\strres.eng
MOD - [2009.11.18 18:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\gres.dll
MOD - [2009.11.18 18:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009.11.18 18:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009.11.18 18:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\aboutres.dll
MOD - [2009.11.18 18:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\about.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.18 18:25:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.25 18:07:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.24 19:56:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.24 16:23:51 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.01 21:20:00 | 003,931,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 18:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.11.18 18:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.11.18 18:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.29 10:16:30 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.29 10:16:30 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 10:21:01 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.24 16:38:22 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.18 18:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2012.05.29 10:55:33 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.04.24 17:42:20 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009.11.18 18:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.11.18 18:06:22 | 000,041,640 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - [2009.11.18 18:06:22 | 000,027,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - [2009.11.18 18:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5B 1C BF 46 0C CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Torialla\AppData\Roaming\Mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 15:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Torialla\AppData\Roaming\14001.008 [2012.08.03 12:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 22:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Torialla\AppData\Roaming\14001.008 [2012.08.03 12:22:04 | 000,000,000 | ---D | M]
 
[2012.04.24 16:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torialla\AppData\Roaming\mozilla\Extensions
[2012.08.03 08:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions
[2012.05.10 15:37:25 | 000,000,000 | ---D | M] () -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012.04.26 18:16:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.03 08:57:13 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\DeviceDetection@logitech.com
[2012.04.24 16:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.03 12:22:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TORIALLA\APPDATA\ROAMING\14001.008
[2012.07.18 18:25:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.08 07:36:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 07:36:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.08 07:36:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 07:36:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 07:36:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 07:36:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.05 14:52:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}\LicenseValidator.exe (Saa©©Inc©)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844AB4F1-428B-4477-9614-706C42FF8802}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.21 17:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 14:59:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
[2012.08.05 14:41:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.05 14:41:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.05 14:41:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.05 14:40:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.05 14:40:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.05 14:26:11 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Malwarebytes
[2012.08.05 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 14:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 14:26:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.05 14:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 12:48:26 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\GlarySoft
[2012.08.04 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Skyrim NPC Editor
[2012.08.04 17:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skyrim NPC Editor
[2012.08.04 17:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.08.04 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Opera
[2012.08.03 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Google Inc
[2012.08.03 13:10:45 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\UAs
[2012.08.03 12:39:45 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Help
[2012.08.03 12:35:41 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\TeamViewer
[2012.08.03 12:22:04 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\14001.008
[2012.08.03 12:21:33 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\xmldm
[2012.08.03 12:21:32 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\kock
[2012.08.03 00:35:44 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.02 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.08.01 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\Nexus Mod Manager
[2012.08.01 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Black_Tree_Gaming
[2012.08.01 17:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012.08.01 17:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012.07.31 19:23:12 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Skyrim
[2012.07.31 18:46:13 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.07.31 18:46:13 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012.07.31 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012.07.20 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\DVDVideoSoft
[2012.07.18 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\Electronic Arts
[2012.07.18 17:06:17 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Electronic Arts
[2012.07.16 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\mkvtoolnix
[2012.07.10 07:46:57 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\OpenTTD
[2012.07.07 09:37:36 | 000,000,000 | ---D | C] -- C:\Users\Torialla\riotsGamesLogs
[2012.07.06 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2012.07.06 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 16:30:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 15:00:09 | 000,000,000 | ---- | M] () -- C:\Users\Torialla\defogger_reenable
[2012.08.05 14:59:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
[2012.08.05 14:52:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.05 14:42:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:42:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:34:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 14:33:59 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 14:26:05 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.05 09:55:26 | 387,574,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.04 20:35:39 | 000,000,658 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.08.03 14:45:40 | 000,000,017 | ---- | M] () -- C:\Users\Torialla\AppData\Roaming\blckdom.res
[2012.08.03 00:35:44 | 000,000,216 | ---- | M] () -- C:\Users\Torialla\Desktop\Creation Kit.url
[2012.08.01 19:28:02 | 000,000,695 | ---- | M] () -- C:\Users\Torialla\Desktop\World of Warcraft.lnk
[2012.07.31 19:13:40 | 000,098,287 | ---- | M] () -- C:\Windows\War3Unin.dat
[2012.07.31 19:11:37 | 000,000,823 | ---- | M] () -- C:\Users\Torialla\Desktop\Frozen Throne.lnk
[2012.07.31 19:11:32 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.07.31 19:11:32 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2012.07.31 19:05:48 | 000,000,818 | ---- | M] () -- C:\Users\Torialla\Desktop\Warcraft III.lnk
[2012.07.18 16:58:24 | 000,001,135 | ---- | M] () -- C:\Users\Torialla\Desktop\Dark Age of Camelot.lnk
[2012.07.11 12:23:18 | 002,198,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.06 21:18:04 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 15:00:09 | 000,000,000 | ---- | C] () -- C:\Users\Torialla\defogger_reenable
[2012.08.05 14:41:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.05 14:41:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.05 14:41:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.05 14:41:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.05 14:41:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.05 14:26:05 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.05 09:55:26 | 387,574,139 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.03 12:21:44 | 000,000,017 | ---- | C] () -- C:\Users\Torialla\AppData\Roaming\blckdom.res
[2012.08.03 00:35:44 | 000,000,216 | ---- | C] () -- C:\Users\Torialla\Desktop\Creation Kit.url
[2012.08.01 17:24:22 | 000,000,658 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.07.31 19:11:37 | 000,000,823 | ---- | C] () -- C:\Users\Torialla\Desktop\Frozen Throne.lnk
[2012.07.31 18:46:16 | 000,000,818 | ---- | C] () -- C:\Users\Torialla\Desktop\Warcraft III.lnk
[2012.07.31 18:46:13 | 000,098,287 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.07.31 18:46:13 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2012.07.18 16:58:24 | 000,001,135 | ---- | C] () -- C:\Users\Torialla\Desktop\Dark Age of Camelot.lnk
[2012.07.06 21:18:04 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.06.28 08:22:31 | 000,088,680 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.06.23 16:51:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.06.23 16:51:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.06.23 16:51:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.06.23 16:49:39 | 000,026,565 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.28 18:38:27 | 000,007,607 | ---- | C] () -- C:\Users\Torialla\AppData\Local\Resmon.ResmonCfg
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.24 16:20:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.24 16:20:16 | 001,516,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.06.26 07:21:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 

< End of report >

In addition, I also ran ComboFix over it, which was recommended for problems like this via a Google search.


ComboFix log:

Code:

ComboFix 12-08-05.02 - Torialla 05.08.2012  14:44:02.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2652 [GMT 2:00]
ausgeführt von:: c:\users\Torialla\Downloads\ComboFix.exe
AV: Sicherheitspaket 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Sicherheitspaket 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Sicherheitspaket 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Torialla\AppData\Local\._Revolution_
c:\users\Torialla\AppData\Roaming\AcroIEHelpe.txt
c:\users\Torialla\AppData\Roaming\BAcroIEHelpe.dll
c:\users\Torialla\AppData\Roaming\Help\coredb\storage
c:\users\Torialla\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-05 bis 2012-08-05  ))))))))))))))))))))))))))))))
.
.
2012-08-05 12:52 . 2012-08-05 12:52        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-08-05 12:26 . 2012-08-05 12:26        --------        d-----w-        c:\users\Torialla\AppData\Roaming\Malwarebytes
2012-08-05 12:26 . 2012-08-05 12:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-05 12:26 . 2012-08-05 12:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-05 12:26 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-05 10:48 . 2012-08-05 10:48        --------        d-----w-        c:\users\Torialla\AppData\Roaming\GlarySoft
2012-08-04 15:25 . 2012-08-04 15:25        --------        d-----w-        c:\users\Torialla\AppData\Local\Skyrim NPC Editor
2012-08-04 15:23 . 2012-08-04 15:23        --------        d-----w-        c:\program files (x86)\Microsoft XNA
2012-08-04 15:22 . 2012-08-05 12:46        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98539A36-C13F-49EC-9C52-28E5D07593BF}\offreg.dll
2012-08-03 21:06 . 2012-08-03 21:06        --------        d-----w-        c:\users\Torialla\AppData\Roaming\Google Inc
2012-08-03 19:56 . 2012-06-29 10:04        9133488        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98539A36-C13F-49EC-9C52-28E5D07593BF}\mpengine.dll
2012-08-03 15:14 . 2012-08-05 12:39        5826        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2012-08-03 11:10 . 2012-08-03 11:10        --------        d-----w-        c:\users\Torialla\AppData\Roaming\UAs
2012-08-03 10:35 . 2012-08-04 14:16        --------        d-----w-        c:\users\Torialla\AppData\Roaming\TeamViewer
2012-08-03 10:22 . 2012-08-03 10:22        --------        d-----w-        c:\users\Torialla\AppData\Roaming\14001.008
2012-08-03 10:21 . 2012-08-03 11:11        --------        d-----w-        c:\users\Torialla\AppData\Roaming\xmldm
2012-08-03 10:21 . 2012-08-03 10:21        --------        d-----w-        c:\users\Torialla\AppData\Roaming\kock
2012-08-01 15:25 . 2012-08-04 18:36        --------        d-----w-        c:\users\Torialla\AppData\Local\Black_Tree_Gaming
2012-08-01 15:24 . 2012-08-01 15:24        --------        d-----w-        c:\program files\Nexus Mod Manager
2012-07-31 17:23 . 2012-08-05 11:28        --------        d-----w-        c:\users\Torialla\AppData\Local\Skyrim
2012-07-31 16:46 . 2012-07-31 17:11        2829        ----a-w-        c:\windows\War3Unin.pif
2012-07-31 16:46 . 2012-07-31 17:11        139264        ----a-w-        c:\windows\War3Unin.exe
2012-07-18 15:06 . 2012-07-18 15:06        --------        d-----w-        c:\users\Torialla\AppData\Roaming\Electronic Arts
2012-07-16 16:32 . 2012-07-16 16:32        --------        d-----w-        c:\users\Torialla\AppData\Roaming\mkvtoolnix
2012-07-11 06:20 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 06:10 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-07 07:37 . 2012-07-07 07:37        --------        d-----w-        c:\users\Torialla\riotsGamesLogs
2012-07-06 19:18 . 2012-07-06 19:18        --------        d-----w-        c:\program files (x86)\Common Files\BioWare
2012-07-06 19:17 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2012-07-06 19:17 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-07-06 19:17 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 06:18 . 2012-04-26 06:00        59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-06-23 16:32 . 2012-06-23 14:51        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll
2012-06-23 16:32 . 2012-06-23 14:51        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll
2012-06-23 16:32 . 2012-06-23 14:51        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll
2012-06-23 14:46 . 2012-06-23 14:46        2829        ----a-w-        c:\windows\DIIUnin.pif
2012-06-23 14:46 . 2012-06-23 14:46        102400        ----a-w-        c:\windows\DIIUnin.exe
2012-06-02 22:19 . 2012-06-22 05:53        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 05:53        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 05:53        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 05:53        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 05:53        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 05:53        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 05:53        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 05:53        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 05:53        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-29 08:16 . 2012-05-05 12:51        88480        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2012-05-29 08:16 . 2012-05-05 12:51        46400        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2012-05-24 06:30 . 2012-05-24 06:30        163048        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 12:33 . 2012-05-23 12:34        772552        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-05-15 10:48 . 2012-05-23 12:38        68928        ----a-w-        c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-23 12:38        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-23 12:37        8139072        ----a-w-        c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 12:37        8105280        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-23 12:37        5982528        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 12:37        2881856        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 12:37        2741568        ----a-w-        c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-23 12:37        2681664        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 12:37        25743168        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 12:37        2524992        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 12:37        25248064        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 12:37        2445120        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 12:37        2368832        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-23 12:37        19607872        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 12:37        18044224        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-23 12:37        17551680        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 12:37        1738048        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-23 12:37        15322432        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-23 12:37        1468224        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-23 12:37        14298944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2009-07-13 21:59        10194752        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-23 12:38        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-23 12:38        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-23 12:38        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-05-23 12:38        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-23 12:38        3149632        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-23 12:38        6151488        ----a-w-        c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21        423744        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-05-14 05:47 . 2012-05-14 05:47        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-09 08:21 . 2012-04-24 14:27        55960        ----a-w-        c:\windows\system32\drivers\fsbts.sys
2012-03-18 09:25 . 2011-10-18 16:46        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-02-21 23:32        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LicenseValidator"="c:\users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}\LicenseValidator.exe" [2012-08-05 299008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files (x86)\Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files (x86)\Sicherheitspaket\FSGUI\TNBUtil.exe" [2012-04-24 1655464]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-04-24 50384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Sicherheitspaket\HIPS\drivers\fshs.sys [2009-11-18 59784]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 94024]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Sicherheitspaket\ORSP Client\fsorsp.exe [2012-04-24 61088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Torialla\AppData\Roaming\Mozilla\Firefox\Profiles\2huyn2iq.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2532041202-1850984711-2960595005-1001\Software\SecuROM\License information*]
"datasecu"=hex:02,3a,e8,a1,dd,a6,b4,82,61,11,62,4a,c4,92,fd,c3,9c,44,6c,ed,be,
  0b,91,fa,55,cd,2c,f4,6b,3c,73,7c,3b,15,22,56,e7,e5,6d,59,7e,a6,9e,45,6b,82,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-05  14:54:25
ComboFix-quarantined-files.txt  2012-08-05 12:54
.
Vor Suchlauf: 4.148.342.784 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 12.261.146.624 Bytes frei
.
- - End Of File - - E7C825960B8BA02B97894142ACA4F627

I hope someone can make use of this and perhaps help fix the problem.

markusg 05.08.2012 20:36

Hi

This script, and any scripts that follow, are only for the user in question.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}\LicenseValidator.exe (Saa©©Inc©)
:Files
C:\Users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}
:Commands
[Reboot]



• Please close all programs now.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; please paste its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key (image: http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

For further analysis I need the following.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the cache folder, pack it with WinRAR or another program, and please upload it in the upload channel
Trojaner-Board Upload Channel
When this is done, please report back.

Lyppi 05.08.2012 22:21

Thanks for the reply.

After running the script and restarting, unfortunately there was no text file.
The "Movedfiles" folder was also empty. The log file for it said:

Code:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator not found.
File C:\Users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}\LicenseValidator.exe not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.56.0 log created on 08052012_221753

But I am 100% sure that this file was still exactly there before I ran the script.


The directory "c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache" unfortunately did not exist anymore either.

Current Malwarebytes and OTL logs:

Malwarebytes:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Torialla :: TORIALLA-PC [Administrator]

Schutz: Aktiviert

05.08.2012 23:01:47
mbam-log-2012-08-05 (23-03-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210533
Laufzeit: 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Torialla\AppData\Roaming\Identities\{48E46BD4-7422-468A-99BC-EE85A1FDE5E7}\LicenseValidator.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:
Code:

OTL logfile created on: 05.08.2012 23:04:04 - Run 3
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Torialla\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 72,26% Memory free
8,00 Gb Paging File | 6,69 Gb Available in Paging File | 83,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,01 Gb Total Space | 10,60 Gb Free Space | 12,77% Space Free | Partition Type: NTFS
Drive D: | 382,75 Gb Total Space | 33,48 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
 
Computer Name: TORIALLA-PC | User Name: Torialla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 14:59:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.29 10:55:26 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2012.05.29 10:55:26 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\FSGK32.EXE
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.24 16:25:29 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2012.04.24 16:23:51 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2009.11.18 18:08:32 | 000,201,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSM32.EXE
PRC - [2009.11.18 18:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009.11.18 18:08:32 | 000,090,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009.11.18 18:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsgk32st.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.18 18:08:42 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009.11.18 18:07:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\strres.eng
MOD - [2009.11.18 18:07:02 | 000,553,384 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\gres.dll
MOD - [2009.11.18 18:06:54 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009.11.18 18:06:52 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009.11.18 18:06:40 | 000,090,536 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\aboutres.dll
MOD - [2009.11.18 18:06:36 | 000,442,792 | ---- | M] () -- C:\Program Files (x86)\Sicherheitspaket\FSGUI\about.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.18 18:25:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.25 18:07:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.24 19:56:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.24 16:23:51 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.01 21:20:00 | 003,931,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 18:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.11.18 18:07:30 | 000,846,248 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.11.18 18:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.29 10:16:30 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.29 10:16:30 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.09 10:21:01 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.24 16:38:22 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.18 18:07:30 | 000,094,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2012.05.29 10:55:33 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.04.24 17:42:20 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009.11.18 18:08:18 | 000,059,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.11.18 18:06:22 | 000,041,640 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - [2009.11.18 18:06:22 | 000,027,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - [2009.11.18 18:06:22 | 000,016,768 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5B 1C BF 46 0C CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Torialla\AppData\Roaming\Mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 15:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Torialla\AppData\Roaming\14001.008
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 22:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Torialla\AppData\Roaming\14001.008
 
[2012.04.24 16:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torialla\AppData\Roaming\mozilla\Extensions
[2012.08.03 08:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions
[2012.05.10 15:37:25 | 000,000,000 | ---D | M] () -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012.04.26 18:16:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.03 08:57:13 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Torialla\AppData\Roaming\mozilla\Firefox\Profiles\2huyn2iq.default\extensions\DeviceDetection@logitech.com
[2012.04.24 16:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.18 18:25:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.08 07:36:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 07:36:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.08 07:36:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 07:36:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 07:36:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 07:36:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.05 14:52:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Torialla\AppData\Roaming\Identities\{48E46BD4-7422-468A-99BC-EE85A1FDE5E7}\LicenseValidator.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844AB4F1-428B-4477-9614-706C42FF8802}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.21 17:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 22:17:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.05 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Sun
[2012.08.05 21:01:23 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Dropbox
[2012.08.05 19:43:47 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\TeamViewer
[2012.08.05 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.08.05 17:55:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.05 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.05 14:59:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
[2012.08.05 14:41:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.05 14:41:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.05 14:41:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.05 14:40:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.05 14:40:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.05 14:26:11 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Malwarebytes
[2012.08.05 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 14:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 14:26:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.05 14:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 12:48:26 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\GlarySoft
[2012.08.04 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Skyrim NPC Editor
[2012.08.04 17:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skyrim NPC Editor
[2012.08.04 17:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.08.03 12:39:45 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Help
[2012.08.03 12:21:32 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\kock
[2012.08.03 00:35:44 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.08.02 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012.08.01 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\Nexus Mod Manager
[2012.08.01 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Black_Tree_Gaming
[2012.08.01 17:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012.08.01 17:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012.07.31 19:23:12 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Local\Skyrim
[2012.07.31 18:46:13 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.07.31 18:46:13 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012.07.31 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012.07.20 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\DVDVideoSoft
[2012.07.18 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\Electronic Arts
[2012.07.18 17:06:17 | 000,000,000 | ---D | C] -- C:\Users\Torialla\AppData\Roaming\Electronic Arts
[2012.07.10 07:46:57 | 000,000,000 | ---D | C] -- C:\Users\Torialla\Documents\OpenTTD
[2012.07.07 09:37:36 | 000,000,000 | ---D | C] -- C:\Users\Torialla\riotsGamesLogs
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 22:56:12 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:56:12 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:48:58 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.05 22:48:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 22:48:41 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 22:30:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 19:16:49 | 000,000,910 | ---- | M] () -- C:\Users\Torialla\Desktop\Glary Utilities.lnk
[2012.08.05 18:15:36 | 000,000,658 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.08.05 15:00:09 | 000,000,000 | ---- | M] () -- C:\Users\Torialla\defogger_reenable
[2012.08.05 14:59:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Torialla\Desktop\OTL.exe
[2012.08.05 14:52:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.05 14:26:05 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.05 09:55:26 | 387,574,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.03 14:45:40 | 000,000,017 | ---- | M] () -- C:\Users\Torialla\AppData\Roaming\blckdom.res
[2012.08.03 00:35:44 | 000,000,216 | ---- | M] () -- C:\Users\Torialla\Desktop\Creation Kit.url
[2012.08.01 19:28:02 | 000,000,695 | ---- | M] () -- C:\Users\Torialla\Desktop\World of Warcraft.lnk
[2012.07.31 19:13:40 | 000,098,287 | ---- | M] () -- C:\Windows\War3Unin.dat
[2012.07.31 19:11:37 | 000,000,823 | ---- | M] () -- C:\Users\Torialla\Desktop\Frozen Throne.lnk
[2012.07.31 19:11:32 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012.07.31 19:11:32 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2012.07.31 19:05:48 | 000,000,818 | ---- | M] () -- C:\Users\Torialla\Desktop\Warcraft III.lnk
[2012.07.18 16:58:24 | 000,001,135 | ---- | M] () -- C:\Users\Torialla\Desktop\Dark Age of Camelot.lnk
[2012.07.11 12:23:18 | 002,198,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 19:16:51 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.05 19:16:49 | 000,000,910 | ---- | C] () -- C:\Users\Torialla\Desktop\Glary Utilities.lnk
[2012.08.05 15:00:09 | 000,000,000 | ---- | C] () -- C:\Users\Torialla\defogger_reenable
[2012.08.05 14:41:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.05 14:41:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.05 14:41:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.05 14:41:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.05 14:41:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.05 14:26:05 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.05 09:55:26 | 387,574,139 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.03 12:21:44 | 000,000,017 | ---- | C] () -- C:\Users\Torialla\AppData\Roaming\blckdom.res
[2012.08.03 00:35:44 | 000,000,216 | ---- | C] () -- C:\Users\Torialla\Desktop\Creation Kit.url
[2012.08.01 17:24:22 | 000,000,658 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.07.31 19:11:37 | 000,000,823 | ---- | C] () -- C:\Users\Torialla\Desktop\Frozen Throne.lnk
[2012.07.31 18:46:16 | 000,000,818 | ---- | C] () -- C:\Users\Torialla\Desktop\Warcraft III.lnk
[2012.07.31 18:46:13 | 000,098,287 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.07.31 18:46:13 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2012.07.18 16:58:24 | 000,001,135 | ---- | C] () -- C:\Users\Torialla\Desktop\Dark Age of Camelot.lnk
[2012.06.28 08:22:31 | 000,088,680 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.06.23 16:51:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.06.23 16:51:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.06.23 16:51:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.06.23 16:49:39 | 000,026,565 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.05.28 18:38:27 | 000,007,607 | ---- | C] () -- C:\Users\Torialla\AppData\Local\Resmon.ResmonCfg
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.24 16:20:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.04.24 16:20:16 | 001,516,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.08.05 22:48:58 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.06.26 07:21:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========

However, I notice that this "LicenseValidator.exe" is present several times in the Roaming folder under other names. Each time it shows Saa©©Inc© and the icon is also the same.
There may even be more, but these are the ones I found just by looking through. I haven't deleted them yet, though, since they immediately write themselves somewhere new again and I would have to search again.

Code:

Path: C:\Users\Torialla\AppData\Roaming\Dropbox\{85597B4B-1CE7-483A-B0A5-0C6E39382881}
File: Upgrade.exe

Path: C:\Users\Torialla\AppData\Roaming\Sun\{EF6A870B-847D-49C3-B0E0-886C67189ABE}
File: UpgradeChecker.exe

Path: C:\Users\Torialla\AppData\Roaming\TeamViewer\{D2ACD36D-5B72-4193-9D52-4E3A48A49390}
File: Validator.exe

Hoping for further help.
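The pattern described in this post (an autorun value pointing at an .exe inside a GUID-named subfolder of AppData\Roaming, and the same binary reappearing under different names in similar folders) can be checked mechanically. The script below is an added triage example; it is not part of the thread and not OTL code. The O4 lines and the three Roaming paths are copied from the log and post above, the company string is the one the poster reports, and the OTL line format the parser expects is inferred from the log (an assumption).

```python
"""Triage helper for the pattern seen in this thread: a Run-key value whose
target is an .exe in Roaming\<vendor>\{GUID}\, plus copies of the same
binary under other names in folders of the same shape.

Added example, not part of the original thread or of OTL. The OTL line
format assumed here is inferred from the log above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# An .exe directly inside a GUID-named folder one level below AppData\Roaming.
ROAMING_GUID_EXE_RE = re.compile(
    r"\\AppData\\Roaming\\(?P<parent>[^\\]+)\\"
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\(?P<file>[^\\]+\.exe)$",
    re.IGNORECASE,
)

# OTL "O4" Run-key line: hive, value name, target path, then either a
# "(Publisher)" from version info or the literal "File not found".
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
PUBLISHER_RE = re.compile(r"^(?P<path>.+?) \((?P<pub>[^()]*)\)$")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    file_missing: bool
    publisher: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4_line(line: str) -> Optional[RunEntry]:
    """Parse one OTL O4 line and attach triage reasons; None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest, publisher, missing = m.group("rest"), None, False
    if rest.endswith("File not found"):
        missing, path = True, rest[: -len("File not found")].strip()
    else:
        pm = PUBLISHER_RE.match(rest)
        path = pm.group("path") if pm else rest
        publisher = (pm.group("pub") or None) if pm else None
    entry = RunEntry(m.group("hive"), m.group("name"), path, missing, publisher)
    # Strong indicator: user-writable Roaming\<vendor>\{GUID}\x.exe layout.
    if ROAMING_GUID_EXE_RE.search(path):
        entry.reasons.append("target in GUID-named folder under AppData\\Roaming")
    # A per-user Run value whose target is gone usually means the file was
    # quarantined or has moved; together with the layout above it suggests
    # the binary is being re-created under a new name.
    if entry.hive == "HKCU" and missing:
        entry.reasons.append("per-user Run value with missing target")
    return entry


def parse_otl_run_entries(otl_text: str) -> List[RunEntry]:
    return [e for e in map(parse_o4_line, otl_text.splitlines()) if e]


def lookalike_groups(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Group Roaming\\<x>\\{GUID}\\*.exe paths that share a company string but
    sit under different parent folders (the 'same dropper, new name' pattern).
    files maps path -> company name from the file's version info."""
    by_company: Dict[str, List[str]] = defaultdict(list)
    for path, company in files.items():
        if ROAMING_GUID_EXE_RE.search(path):
            by_company[company].append(path)
    result = {}
    for company, paths in by_company.items():
        parents = {ROAMING_GUID_EXE_RE.search(p).group("parent").lower() for p in paths}
        if len(parents) > 1:
            result[company] = sorted(paths)
    return result


# Sample input: the O4 lines copied from the OTL log above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Torialla\AppData\Roaming\Identities\{48E46BD4-7422-468A-99BC-EE85A1FDE5E7}\LicenseValidator.exe File not found
"""

# Paths from the post above; the company string is the one the poster reports
# on each file (constructed mapping, not read from disk).
SAMPLE_FILES = {
    r"C:\Users\Torialla\AppData\Roaming\Dropbox\{85597B4B-1CE7-483A-B0A5-0C6E39382881}\Upgrade.exe": "Saa©©Inc©",
    r"C:\Users\Torialla\AppData\Roaming\Sun\{EF6A870B-847D-49C3-B0E0-886C67189ABE}\UpgradeChecker.exe": "Saa©©Inc©",
    r"C:\Users\Torialla\AppData\Roaming\TeamViewer\{D2ACD36D-5B72-4193-9D52-4E3A48A49390}\Validator.exe": "Saa©©Inc©",
}

if __name__ == "__main__":
    for e in parse_otl_run_entries(SAMPLE_OTL):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{flag:10} {e.hive} [{e.name}] {e.path} {'; '.join(e.reasons)}")
    for company, paths in lookalike_groups(SAMPLE_FILES).items():
        print(f"same company {company!r} under different Roaming folders:")
        for p in paths:
            print("   ", p)
```

Only the HKCU LicenseValidator value is flagged; the three HKLM entries resolve to signed-vendor paths under Program Files and pass. The grouping step shows why the three executables the poster lists belong together even though their names differ: same company string, same folder shape, different parent folders.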

markusg 05.08.2012 22:31

Show hidden files and folders first:
Showing hidden folders in Windows
and then search for the cache folder again; where it says name, insert your user name.

Lyppi 06.08.2012 06:53

Even when I set the folder options to show hidden files, the path as given does not exist.

markusg 06.08.2012 18:04

OK.
Do you use the PC for online banking, shopping, other payment processing, or anything similarly important, such as work?

Lyppi 06.08.2012 18:12

Online banking now and then. My job applications and CVs are also stored on it. Shopping too, with PayPal or similar.

In short, yes, I use it for such things. Mainly, though, for games after work.

markusg 08.08.2012 21:27

OK.
Then:
Call the bank and have online banking blocked.
The PC must be reinstalled and then secured.
1. Data recovery:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After the PC is secured, check the backed-up data and, if it is clean, restore it.
6. Then I will also say something about securing online banking with a chip card reader + Star Money.


Copyright ©2000-2025, Trojaner-Board

