Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen and TR/ATRAPS.Gen2 (Windows 7)
#1

LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen and TR/ATRAPS.Gen2

Hello dear Trojaner-Board members,

for a few hours now my computer has been behaving strangely. It all began with updating Flash Player to the latest version - at least I assume that is where it started, since I hadn't downloaded anything else in the days and hours before. At first, unfamiliar music came out of the speakers. When I started the Task Manager to see what was causing it, it stopped. I then wanted to start Chrome to google this incident. However, Chrome crashed together with all of its extensions. So I did a little research using Firefox, including in a thread in this forum that I reached via Google, and ran MBAM. It found LicenseValidator.exe. I had it deleted; I had to postpone the restart because I was still uploading something important. In the meantime I ran MBAM a few more times, with different results in constantly changing folders. Among others, UpdateChecker.exe was added. For just under an hour now, at least those two files have been quiet. I also noticed that two invisible iexplore.exe instances keep being started. I assume the music came from them. But that only happened twice in total and not since. Only the two iexplore.exe kept starting on their own for a while. It's been quiet for about 30 minutes. Chrome also starts normally again. After the upload I finally restarted the PC, and since then Avira AntiVir has reported roughly every 2 minutes that it has found "TR/ATRAPS.Gen" and "TR/ATRAPS.Gen2" in C:\Windows\Installer. Quarantine/delete don't seem to work. Apparently this is a rootkit...

Well, since all the threads say you shouldn't experiment on your own because that may make the cleanup harder, I've decided to ask for help here without taking any action of my own. As soon as I know which logs I should post, I'll do so right away.

Regards, Sinan

[edit] Oh, and after the restart the option to hide extensions for known file types was enabled. Normally I always have all file extensions shown!

Here are the OTL logs to start with.

OTL.txt
Code:
OTL logfile created on: 31.07.2012 02:29:59 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,33% Memory free
15,97 Gb Paging File | 13,91 Gb Available in Paging File | 87,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,82 Gb Free Space | 26,70% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 278,63 Gb Free Space | 93,47% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1566,38 Gb Free Space | 84,08% Space Free | Partition Type: NTFS
Drive F: | 680,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._core_.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._controls_.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._windows_.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._gdi_.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._misc_.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_ssl.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\unicodedata.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pythoncom26.dll ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_hashlib.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32com.shell.shell.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pyexpat.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._wizard.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32file.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pywintypes26.dll ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32api.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_elementtree.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_ctypes.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._html2.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_socket.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32inet.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32process.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32pdh.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32event.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32crypt.pyd ()
MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\select.pyd ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Programme\ASUS Xonar DS Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 00 F5 10 6B FC CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Tools\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M]

[2012.03.06 14:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Extensions
[2012.05.02 12:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Firefox\Profiles\pdp3sgpr.default\extensions
[2012.05.04 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.04 10:15:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.18 12:48:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.27 10:00:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 10:00:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.27 10:00:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 10:00:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 10:00:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 10:00:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.de/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VLC\npvlc.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Brushed = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: YouTube = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Tampermonkey = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.5.29_0\
CHR - Extension: Usability Boost for Google Plus™ = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0\
CHR - Extension: FB Photo Zoom = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\
CHR - Extension: Vanilla Cookie Manager = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.2.0_0\
CHR - Extension: AdBlock = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Downloads = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Beautify G+ = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkpajolelcpmhkbcnmoaafpmfkepohl\0.1.1_0\
CHR - Extension: +1 Button - Plus One Button = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0\
CHR - Extension: Google Mail-Checker = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Google Mail = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.08 23:21:51 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: <-- I censored this one; it contains only a single entry that has been in there for ages and is therefore of no relevance -->
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FF9B21-0184-40E3-A709-7E97749BB03D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.12.06 18:02:42 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1430c240-68b3-11e1-99ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1430c240-68b3-11e1-99ad-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TOPSTART.EXE -- [1998.07.06 15:47:10 | 000,214,528 | R--- | M] (TopWare)
O33 - MountPoints2\{7fa84bd2-9112-11e1-ac52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa84bd2-9112-11e1-ac52-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TOPSTART.EXE -- [1998.07.06 15:47:10 | 000,214,528 | R--- | M] (TopWare)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.31 01:29:52 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Google Inc
[2012.07.31 01:00:26 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Malwarebytes
[2012.07.31 01:00:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.31 01:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 00:06:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.31 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Help
[2012.07.30 23:57:17 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\TeamViewer
[2012.07.27 11:24:32 | 000,000,000 | ---D | C] --
C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.26 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.07.26 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.07.26 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Winamp [2012.07.26 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Desktop\minecraft [2012.07.20 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.19 19:05:11 | 000,000,000 | --SD | C] -- C:\Users\Sinan\Google Drive [2012.07.19 19:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.07.17 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.17 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.07.11 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.07.11 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Documents\My Curse [2012.07.09 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.07.05 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.05 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.07.05 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.07.05 20:46:47 | 000,000,000 
| ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.05 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.05 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Sinan\SimpleJavaYoutubeUploader ========== Files - Modified Within 30 Days ========== [2012.07.31 02:27:24 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 02:27:24 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 02:26:18 | 001,612,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 02:26:18 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 02:26:18 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 02:26:18 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 02:26:18 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.31 02:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 02:20:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 02:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 02:13:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 01:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 01:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 01:00:20 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 23:22:00 
| 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.30 16:08:55 | 000,381,928 | ---- | M] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 18:55:00 | 000,000,724 | ---- | M] () -- C:\Users\Sinan\Desktop\World of Warcraft.lnk [2012.07.29 17:26:48 | 000,001,126 | ---- | M] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:07:35 | 000,096,199 | ---- | M] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.27 11:24:32 | 000,001,336 | ---- | M] () -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.07.26 16:48:07 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | M] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.18 16:43:48 | 000,001,355 | ---- | M] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.07.17 18:21:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.17 18:19:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.17 16:28:37 | 000,001,345 | ---- | M] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.15 02:02:56 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.13 18:15:32 | 000,000,697 | ---- | M] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | M] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.11 15:54:23 | 004,832,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.31 
01:00:20 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.31 00:02:19 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U\00000001.@ [2012.07.30 15:50:20 | 000,381,928 | ---- | C] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 17:26:23 | 000,001,126 | ---- | C] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:05:29 | 000,096,199 | ---- | C] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.26 16:48:07 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | C] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.17 18:19:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.17 16:28:37 | 000,001,345 | ---- | C] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.13 18:15:32 | 000,000,697 | ---- | C] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | C] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.05 13:01:39 | 000,001,355 | ---- | C] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.18 11:18:37 | 000,007,624 | ---- | C] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.04.10 23:44:28 | 000,245,592 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.04.10 23:44:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.03.08 14:33:22 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2012.03.08 14:33:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.03.08 14:33:22 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat [2012.03.07 15:42:40 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- 
C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ [2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- C:\Users\Sinan\AppData\Local\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ [2012.03.05 22:26:55 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.05 22:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.05 19:21:55 | 000,000,079 | ---- | C] () -- C:\Users\Sinan\AppData\Local\CrystalDiskMark30.ini [2012.03.05 18:57:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.05 18:57:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.05 18:57:47 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.05 18:57:47 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.05 18:57:45 | 000,000,892 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.05 18:57:43 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.05 18:57:43 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.03.05 17:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.22 01:23:54 | 000,007,250 | ---- | C] () -- C:\Windows\SysWow64\dfscacm.dll [2011.03.22 01:23:52 | 000,006,223 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll ========== LOP Check ========== [2012.07.30 22:52:38 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.03.05 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\ASUS [2012.07.30 23:28:51 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Audacity [2012.04.23 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\benibela [2012.03.08 02:43:06 | 000,000,000 | ---D | M] -- 
C:\Users\Sinan\AppData\Roaming\DAEMON Tools Lite [2012.07.31 02:20:16 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Dropbox [2012.07.27 02:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\FileZilla [2012.03.08 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Leadertech [2012.03.08 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\mkvtoolnix [2012.03.31 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Notepad++ [2012.03.07 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Opera [2012.03.05 19:49:31 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Origin [2012.03.08 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\PACE Anti-Piracy [2012.07.20 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.31 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\TeamViewer [2012.07.30 23:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 02:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.30 10:50:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1061 bytes -> C:\Users\Sinan\AppData\Local\Temp:XZiEAUssdNqAq02mkh9H5N < End of report > Code:
OTL Extras logfile created on: 31.07.2012 01:19:11 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 72,95% Memory free
15,97 Gb Paging File | 13,29 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,75 Gb Free Space | 26,65% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 274,10 Gb Free Space | 91,95% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1502,05 Gb Free Space | 80,62% Space Free | Partition Type: NTFS
Drive F: | 680,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3336-2788-8051-8215" = Simple Java Youtube Uploader 2.0 RC 1.3
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"DAEMON Tools Lite" = DAEMON Tools Lite
"DebugMode FrameServer" = DebugMode FrameServer
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory version 2.0.117
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"HaaliMkx" = Haali Media Splitter
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"So Blonde" = So Blonde
"SpeedFan" = SpeedFan (remove only)
"TexMakerX_is1" = TexMakerX 2.1
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.07.2012 16:44:13 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d1e33 ID des fehlerhaften Prozesses: 0x1894 Startzeit der fehlerhaften Anwendung: 0x01cd69095759bc33 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: 28c2d888-d507-11e1-816b-50e5493056f6

Error - 25.07.2012 07:39:16 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d1e33 ID des fehlerhaften Prozesses: 0x770 Startzeit der fehlerhaften Anwendung: 0x01cd6a522a8658ff Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: 5cc657da-d64d-11e1-991b-50e5493056f6

Error - 25.07.2012 19:13:33 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d1e33 ID des fehlerhaften Prozesses: 0x8c0 Startzeit der fehlerhaften Anwendung: 0x01cd6ab0e3c4ed48 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: 5a25bf92-d6ae-11e1-991b-50e5493056f6

Error - 26.07.2012 11:52:43 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d1e33 ID des fehlerhaften Prozesses: 0x528 Startzeit der fehlerhaften Anwendung: 0x01cd6b43d11c7d02 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: ef6efe73-d739-11e1-8fe6-50e5493056f6

Error - 28.07.2012 10:24:15 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x004923d1 ID des fehlerhaften Prozesses: 0x178c Startzeit der fehlerhaften Anwendung: 0x01cd6cc802beb9e3 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: e85fedbe-d8bf-11e1-8819-50e5493056f6

Error - 28.07.2012 15:09:15 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe, Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll, Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d1e33 ID des fehlerhaften Prozesses: 0x1620 Startzeit der fehlerhaften Anwendung: 0x01cd6cccb03ea9bb Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Berichtskennung: b878743e-d8e7-11e1-8819-50e5493056f6

Error - 29.07.2012 16:44:43 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ja2.exe, Version: 1.0.0.1, Zeitstempel: 0x37de9b6b Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.117, Zeitstempel: 0x4fd852bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003cd79 ID des fehlerhaften Prozesses: 0x198c Startzeit der fehlerhaften Anwendung: 0x01cd6dcaec88b37e Pfad der fehlerhaften Anwendung: C:\Games\Jagged Alliance 2\ja2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Dxtory Software\Dxtory2.0\DxtoryCore.dll Berichtskennung: 390dab4e-d9be-11e1-89d3-50e5493056f6

Error - 30.07.2012 18:37:49 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 20.0.1132.57, Zeitstempel: 0x4ffb8830 Name des fehlerhaften Moduls: chrome.dll, Version: 20.0.1132.57, Zeitstempel: 0x4ffb87b1 Ausnahmecode: 0x80000003 Fehleroffset: 0x005477e0 ID des fehlerhaften Prozesses: 0x20c8 Startzeit der fehlerhaften Anwendung: 0x01cd6ea3f1838022 Pfad der fehlerhaften Anwendung: C:\Users\Sinan\AppData\Local\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome.dll Berichtskennung: 304fa224-da97-11e1-88ce-50e5493056f6

Error - 30.07.2012 18:48:54 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000633722b000 ID des fehlerhaften Prozesses: 0x1a10 Startzeit der fehlerhaften Anwendung: 0x01cd6ea55c312561 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: bcfeb174-da98-11e1-88ce-50e5493056f6

Error - 30.07.2012 18:51:49 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000633722b000 ID des fehlerhaften Prozesses: 0x1df8 Startzeit der
fehlerhaften Anwendung: 0x01cd6ea5ca27f236 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 24fb95e1-da99-11e1-88ce-50e5493056f6 [ System Events ] Error - 15.05.2012 15:29:18 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 21.05.2012 07:43:09 | Computer Name = Sinan-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 08.06.2012 08:00:27 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 25.06.2012 09:45:23 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 29.06.2012 06:31:14 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?06.?2012 um 12:29:45 unerwartet heruntergefahren. Error - 02.07.2012 12:49:24 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?02.?07.?2012 um 18:39:30 unerwartet heruntergefahren. Error - 03.07.2012 12:48:29 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?07.?2012 um 18:46:17 unerwartet heruntergefahren. Error - 13.07.2012 12:17:42 | Computer Name = Sinan-PC | Source = Service Control Manager | ID = 7009 Description = Error - 13.07.2012 12:17:42 | Computer Name = Sinan-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.07.2012 18:24:51 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?07.?2012 um 00:23:56 unerwartet heruntergefahren. < End of report > Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sinan :: SINAN-PC [Administrator]

31.07.2012 01:01:20
mbam-log-2012-07-31 (01-01-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191987
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\Dropbox\{B1C8C9FC-B824-4FCF-9959-9B6D84C69847}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sinan\AppData\Roaming\Dropbox\{B1C8C9FC-B824-4FCF-9959-9B6D84C69847}\LicenseValidator.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sinan :: SINAN-PC [Administrator]

31.07.2012 01:17:50
mbam-log-2012-07-31 (01-17-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191522
Laufzeit: 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\Identities\{498E1ACA-1FDE-4458-BE3B-B8A801B0BE6B}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sinan\AppData\Roaming\Identities\{498E1ACA-1FDE-4458-BE3B-B8A801B0BE6B}\LicenseValidator.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sinan :: SINAN-PC [Administrator]

31.07.2012 01:21:10
mbam-log-2012-07-31 (01-21-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191869
Laufzeit: 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UpgradeChecker (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\TeamViewer\{FDE2AA4E-68BD-4B0B-ADBD-A06F41FF7FAD}\UpgradeChecker.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sinan\AppData\Roaming\TeamViewer\{FDE2AA4E-68BD-4B0B-ADBD-A06F41FF7FAD}\UpgradeChecker.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sinan :: SINAN-PC [Administrator]

31.07.2012 01:29:57
mbam-log-2012-07-31 (01-29-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191524
Laufzeit: 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sinan\AppData\Roaming\Google Inc\{8FB79A28-93D1-4A4D-A005-10F02EDFCDF1}\UpgradeChecker.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Thanks in advance!

Last edited by Sinan (31.07.2012 at 02:05)