| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GUV mit malwarebytes entfernt, probs mit OTLWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.01.2013, 21:22
| #1 | |
| |  GUV mit malwarebytes entfernt, probs mit OTL hallo zusammen, habe heute nachmittag auch dieses netten GUV trojaner auf meinem rechner. nach erster google suche habe ich wie bei chip empfohlen mein system mit kaspersky windowsunlocker, ganz brav so wie´s dort beschrieben wurde, "bearbeitet" ... zwecklos wie sich dann beim reboot leider zeigte. nächster schritt: hijackthis --> KEINE (???) funde !!! dann bin ich hier zu euch gestoßen bin ich wie in diesem beitrag beschrieben vorgegangen. - scan mit malewarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.09.07 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 TeK :: RAVER [Administrator] 09.01.2013 19:16:43 mbam-log-2013-01-09 (19-16-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 384286 Laufzeit: 27 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\TeK\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\c7d81c-39db0f69 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TeK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) da ich aber auch wissen möchte ob da noch irgendwas schädliches übrig geblieben ist habe ich die boardsuche benutzt beiträge durchgelesen und wollte dann mit der OTL geschichte weitermachen. OTL runtergeladen, auf den desktop kopiert (später auch direkt dort hin downloaden lassen) und als admin ausführen geklickt ... doch leider ... fehlermeldung !! : Zitat:
wär nett wenn mir jemand von euch hilft ! gruß und danke TeK so, das OTL problem habe ich dann doch lösen können ... habe wohl eine "falsche" OTL.exe runtergeladen  ... als nächstes den pc wie hier geschrieben gescannt und dann folgende *.txt bekommen [CODE=extra.txt]OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.01.2013 22:03:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TeK\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,68% Memory free
15,96 Gb Paging File | 13,84 Gb Available in Paging File | 86,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,64 Gb Total Space | 106,13 Gb Free Space | 76,01% Space Free | Partition Type: NTFS
Drive D: | 99,99 Gb Total Space | 72,52 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
Drive E: | 1763,02 Gb Total Space | 1239,88 Gb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive V: | 49,98 Gb Total Space | 46,86 Gb Free Space | 93,75% Space Free | Partition Type: NTFS
Drive W: | 861,52 Gb Total Space | 216,84 Gb Free Space | 25,17% Space Free | Partition Type: NTFS
Computer Name: RAVER | User Name: TeK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034EE121-1587-4C36-A8AD-F901B073EEAA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0542AD5E-6CDC-475F-8978-EDC90D243105}" = rport=445 | protocol=6 | dir=out | app=system |
"{091D2096-8705-4A1C-BAA0-395D3530A116}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A6DD1A8-307D-4EB0-8BCC-E7DD8F3B7D21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29F0C550-9A04-4F8A-9FA3-1E3B4C0605EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{37FF9C1F-C17A-4B1F-8832-C4D3061C575D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{384E4578-2D88-49AC-B23B-ED5562E2B400}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F06876D-86AE-4728-8891-EF17C9B6EE9C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41F4B6A4-172F-43F9-A24F-8FFD38F3855B}" = rport=139 | protocol=6 | dir=out | app=system |
"{42D3DE2E-A4F8-45CB-B297-767BC2AE6932}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4502B09B-4FEB-469A-9664-34ED68225C62}" = lport=139 | protocol=6 | dir=in | app=system |
"{50284C71-9C3A-44FA-8354-335890C20719}" = lport=137 | protocol=17 | dir=in | app=system |
"{5AAEA8A1-4205-484C-BB8B-CA7088C9936A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E1A44B1-F2D3-441D-824A-EED0014DC481}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92174A74-66EF-4A30-A444-1A52AF6A057D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A6FDC3D3-A1DD-463C-8EA5-36A00971E423}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AB3E9173-3AF1-427D-B4DD-823C0A48CE91}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AE18D5C2-478F-465D-BAEA-D5B3ABF13E8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4F975C5-2596-4EDF-BAEA-8EE94FFEAB82}" = rport=138 | protocol=17 | dir=out | app=system |
"{B6A949E0-3713-4F57-AC4D-3E48427A0B49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE1B15F7-947D-4AE6-9977-FC8175C1DE94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C019EA3C-9B98-4451-BF8A-077947C800EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D007A082-EAB6-4E79-AAC4-AB04D1936F40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D77B4113-426A-49DB-99EA-2607C57FA5C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8137DDA-3683-4BAF-9F9A-784657999803}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED58E487-E076-4CFC-BA2A-1AA4C8D09305}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFAEFB0C-C55F-4FB2-923E-45AFB94B71AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2D8354D-83C6-4D19-A4C2-FF921E916FAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2F7C6D8-34E3-4B1B-B229-54DF93AB7352}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7A6A7B7-3E12-48C0-A1A9-2124D0A08931}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC99B021-9EA3-4E45-B451-F733C4AA04C3}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0677844B-7CF0-44A0-8216-0A686631B18F}" = protocol=17 | dir=in | app=d:\-- games_install\farcry3\bin\fc3updater.exe |
"{1090B7DB-A310-4601-A6C7-9C775AD26790}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{281CDD1B-D59A-4A88-8D3F-5B282898BD5C}" = protocol=6 | dir=in | app=d:\-- games_install\farcry3\bin\farcry3.exe |
"{308689D0-44D7-4F9A-B2A7-8554B7E36DBC}" = protocol=17 | dir=in | app=d:\-- games_install\farcry3\bin\farcry3.exe |
"{38614B97-568D-46F9-9B51-695A32C168F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3C8CDE4E-8A33-48AA-BF9F-F6B29EA4330E}" = dir=out | app=e:\-- games\-- inst\anno.2070\anno5.exe |
"{3DD0C7C4-2B6A-47E2-A840-E4AAB2226145}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E84C19-3665-406B-98A7-929A95BED0C8}" = protocol=6 | dir=in | app=d:\-- games_install\farcry3\bin\fc3updater.exe |
"{4CB41533-4F6D-4FC5-A63F-1F74FC83D5E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56CA292D-FE2D-4B02-93BB-8A0F6581AC88}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5C02A69C-603F-48D4-88C7-0A1971739389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EBB350D-B02C-43FF-9CBA-75910FBED191}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FDFB594-D512-4452-8AD4-09FEA3E721BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6180A14D-3BF0-4232-B78F-0D47026B2BF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{629D1A9B-F87A-4E58-8E6A-DC7741DC26A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67AFDBF4-35FB-447E-B344-0810A13A381A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{75A71157-7FF1-433C-8444-2C7A16F864EB}" = protocol=6 | dir=in | app=d:\-- games_install\farcry3\bin\fc3editor.exe |
"{8F8303D0-194E-480F-9A64-BE6160DE015F}" = protocol=17 | dir=in | app=d:\-- games_install\farcry3\bin\fc3editor.exe |
"{948DA2B2-A766-4E53-B66B-87A63BE8D708}" = protocol=17 | dir=in | app=d:\-- games_install\farcry3\bin\farcry3_d3d11.exe |
"{97614784-765B-43B5-9734-2CF602CA325A}" = protocol=17 | dir=in | app=e:\-- games\-- inst\may.payne.3\playmaxpayne3.exe |
"{9AB9493B-9192-4B1F-A206-EBF4DE2E0E48}" = protocol=6 | dir=out | app=system |
"{A418A42F-7F80-4BBB-83BD-E8482EF7729A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A73A8CEE-AB80-4546-BA2D-9C9B8359761D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA8C7978-916D-41F4-9DE0-2BB1BBE16AD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AF0D158C-EA0E-4701-889A-BAA127AC6C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6D85D6D-1AD6-4AE2-A2B2-51D01AB35130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD2B0F73-6255-467F-9915-C25DC3A21D3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1818E76-E3C5-46F4-B907-EDB8302B26B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6C9A902-C0C7-4446-873D-AAF7D27C1B34}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD3F9B4E-09AB-4C59-8051-90CCCD346712}" = protocol=6 | dir=in | app=d:\-- games_install\farcry3\bin\farcry3_d3d11.exe |
"{F2B079E0-0D6A-41DA-9F24-7B1CD9558234}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3FC573E-BB26-4167-A0CD-EC74E3AAF324}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCB96101-F966-4190-A573-E979A0AC49C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FCE5C13D-5277-44A8-B928-341CA69E2891}" = protocol=6 | dir=in | app=e:\-- games\-- inst\may.payne.3\playmaxpayne3.exe |
"{FD1CC971-DC3A-479F-92FA-9BCEFD27C588}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{1564BD5F-55E2-482E-82D0-0DA3DA92E920}E:\-- games\-- inst\may.payne.3\maxpayne3.exe" = protocol=6 | dir=in | app=e:\-- games\-- inst\may.payne.3\maxpayne3.exe |
"TCP Query User{185F5B51-F9A7-4D85-937F-74654DF1F300}E:\-- games\-- inst\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=e:\-- games\-- inst\need for speed the run\need for speed the run.exe |
"TCP Query User{193E20D9-6C6C-454E-BB37-8EC88066F3B8}D:\installierte_progs\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\installierte_progs\trillian\trillian.exe |
"TCP Query User{52D3EAD4-30C0-4AFE-9ACA-1EA3D22D87CA}E:\-- games\-- inst\shift.2.-.unleashed\shift2u.exe" = protocol=6 | dir=in | app=e:\-- games\-- inst\shift.2.-.unleashed\shift2u.exe |
"TCP Query User{5689C29A-5BA5-41D6-8ACE-13D581398F87}D:\-- games_install\farcry.3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=d:\-- games_install\farcry.3\bin\farcry3_d3d11.exe |
"TCP Query User{A45F1996-E0D9-42EA-AAEB-2A33751CDBD1}D:\-- games_install\call.of.duty.-.black.ops.2\t6sp.exe" = protocol=6 | dir=in | app=d:\-- games_install\call.of.duty.-.black.ops.2\t6sp.exe |
"TCP Query User{BB3E3A42-65C5-46BF-B71C-EAD581C955F5}E:\-- games\-- inst\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=e:\-- games\-- inst\call of duty black ops ii\t6sp.exe |
"TCP Query User{E6DFDCC5-6AF8-464F-B643-85A1CCCA3E11}D:\-- games_install\call.of.duty.-.black.ops.2\t6mp.exe" = protocol=6 | dir=in | app=d:\-- games_install\call.of.duty.-.black.ops.2\t6mp.exe |
"TCP Query User{EF871C87-2360-40FD-B6B9-786E5C4933E6}E:\-- games\-- inst\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\-- games\-- inst\call of duty black ops\blackops.exe |
"TCP Query User{F2AE87D2-63E0-4486-B429-5A637B0A0BF1}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{21DC44AD-9B8C-42C5-94E7-96A1C0915D00}E:\-- games\-- inst\may.payne.3\maxpayne3.exe" = protocol=17 | dir=in | app=e:\-- games\-- inst\may.payne.3\maxpayne3.exe |
"UDP Query User{227BD34C-584E-4735-BB28-F67610D5F7F2}D:\installierte_progs\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\installierte_progs\trillian\trillian.exe |
"UDP Query User{40263563-848F-446D-8A65-E72F130C0E54}D:\-- games_install\call.of.duty.-.black.ops.2\t6mp.exe" = protocol=17 | dir=in | app=d:\-- games_install\call.of.duty.-.black.ops.2\t6mp.exe |
"UDP Query User{9730E511-3C66-4366-B2C3-17C677657995}E:\-- games\-- inst\shift.2.-.unleashed\shift2u.exe" = protocol=17 | dir=in | app=e:\-- games\-- inst\shift.2.-.unleashed\shift2u.exe |
"UDP Query User{9ED323C5-6D59-4002-90D7-FD458217BF93}D:\-- games_install\farcry.3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=d:\-- games_install\farcry.3\bin\farcry3_d3d11.exe |
"UDP Query User{BFC046B1-C9A7-4B28-9672-906899411142}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{C145F9AF-F860-42A3-B1D9-4FAAEEA78321}E:\-- games\-- inst\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=e:\-- games\-- inst\need for speed the run\need for speed the run.exe |
"UDP Query User{C78E946B-E69B-4128-B84E-BA3EEF8313C7}E:\-- games\-- inst\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=e:\-- games\-- inst\call of duty black ops ii\t6sp.exe |
"UDP Query User{D4561D08-4489-4FCF-928A-F49A65A4199A}D:\-- games_install\call.of.duty.-.black.ops.2\t6sp.exe" = protocol=17 | dir=in | app=d:\-- games_install\call.of.duty.-.black.ops.2\t6sp.exe |
"UDP Query User{EA6ED9D4-62FD-429B-861B-6F7F61CB8DFF}E:\-- games\-- inst\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\-- games\-- inst\call of duty black ops\blackops.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550
"{3850334B-82B7-4875-BEFD-CB91F2527565}" = 64 Bit HP CIO Components Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.51
"TeraCopy_is1" = TeraCopy 2.27
"VLC media player" = VLC media player 2.0.4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{9013721D-0440-4CCF-81FC-D60DC138D412}" = Angry Birds Star Wars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Ashampoo MP3 AudioCenter" = Ashampoo MP3 AudioCenter
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"DAEMON Tools Lite" = DAEMON Tools Lite
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.22.1212
"HelDecPack" = HelDecPack
"IncrediMail" = IncrediMail 2.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PTBSync" = PTBSync (Atomuhr Synchronisation & Terminkalender)
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Uplay" = Uplay
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
"Winamp" = Winamp (nur entfernen)
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2013 20:03:44 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 06.01.2013 20:03:44 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 06.01.2013 20:49:05 | Computer Name = Raver | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1230 Startzeit:
01cdec70c3bf4617 Endzeit: 5 Anwendungspfad: C:\Program Files\VideoLAN\VLC\vlc.exe
Berichts-ID:
075fdc22-5864-11e2-8d15-c8600057eb02
Error - 07.01.2013 01:08:53 | Computer Name = Raver | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 01:11:23 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 07.01.2013 01:11:23 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 07.01.2013 01:11:23 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 07.01.2013 04:07:55 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 07.01.2013 04:07:55 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 07.01.2013 04:07:55 | Computer Name = Raver | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 09.01.2013 15:02:55 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:02:55 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:05:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:05:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:05:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:10:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:10:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:10:03 | Computer Name = Raver | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.01.2013 15:14:27 | Computer Name = Raver | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
Error - 09.01.2013 17:00:30 | Computer Name = Raver | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
< End of report >
|
|
09.01.2013, 22:27
| #2 |
| | GUV mit malwarebytes entfernt, probs mit OTL und dann hier noch die
__________________[CODE=otl.txt]OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.01.2013 22:03:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TeK\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,68% Memory free 15,96 Gb Paging File | 13,84 Gb Available in Paging File | 86,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139,64 Gb Total Space | 106,13 Gb Free Space | 76,01% Space Free | Partition Type: NTFS Drive D: | 99,99 Gb Total Space | 72,52 Gb Free Space | 72,52% Space Free | Partition Type: NTFS Drive E: | 1763,02 Gb Total Space | 1239,88 Gb Free Space | 70,33% Space Free | Partition Type: NTFS Drive V: | 49,98 Gb Total Space | 46,86 Gb Free Space | 93,75% Space Free | Partition Type: NTFS Drive W: | 861,52 Gb Total Space | 216,84 Gb Free Space | 25,17% Space Free | Partition Type: NTFS Computer Name: RAVER | User Name: TeK | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.09 21:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TeK\Desktop\OTL.exe PRC - [2013.01.07 21:48:14 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe PRC - [2012.12.16 23:34:07 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.12.16 23:34:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.11 22:19:38 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 22:19:26 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 22:19:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.05 20:05:43 | 001,581,568 | ---- | M] (ElmüSoft) -- C:\Program Files (x86)\PTBSync\PTBSync.exe PRC - [2012.12.03 15:35:18 | 000,843,704 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.12.03 15:35:12 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.12.03 15:35:10 | 000,967,608 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe PRC - [2012.10.31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\Advanced SystemCare 6\ASCService.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2012.04.23 14:42:36 | 006,082,560 | ---- | M] (Visagesoft) -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vspdfprsrv.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 21:57:15 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\818c1629889db7b4a7107a3dc1ba55ad\PresentationFramework.ni.dll MOD - [2013.01.09 21:57:05 | 010,914,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1d4307e00c2e12cb39c51f61cc89007f\PresentationCore.ni.dll MOD - [2013.01.09 21:56:57 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ece6e724cdfb1f23e19290197a1f7c72\System.Xml.ni.dll MOD - [2013.01.09 21:56:57 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\df42ec6538ae341f7fb48c54c17b980b\System.Core.ni.dll MOD - [2013.01.09 21:56:57 | 001,879,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7eb2329e1ab0676867b03a74203b5544\System.Xaml.ni.dll MOD - [2013.01.09 21:56:56 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\78caba2b0b1fb9a32ca777215b5beb55\WindowsBase.ni.dll MOD - [2013.01.09 21:56:56 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\46d19039fc4ce87d36d1b2f9daad47c6\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 21:56:52 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\08fb32af433eb5269c9412ed774c1826\System.Configuration.ni.dll MOD - [2013.01.09 21:56:52 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\7a9d8aa775173655e2ee775139651367\System.ServiceProcess.ni.dll MOD - [2013.01.09 21:56:51 | 009,927,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6468ec204327effc167f978fbfe741c\System.ni.dll MOD - [2012.12.05 12:42:28 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll MOD - [2012.04.11 19:06:12 | 000,517,120 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vspdfeditor160.bpl MOD - [2012.04.11 19:06:12 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\expertpdfcore160.bpl MOD - [2012.04.11 19:06:10 | 004,680,704 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vspdfcore160.bpl MOD - [2012.04.11 19:06:08 | 002,478,080 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vsvector160.bpl MOD - [2012.04.11 19:06:08 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vsprinters160.bpl MOD - [2012.04.11 19:06:08 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vspdfprinter160.bpl MOD - [2012.04.11 19:06:06 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vspropsaver160.bpl MOD - [2012.04.11 19:06:04 | 002,693,120 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\BBlite160.bpl MOD - [2012.04.11 19:06:04 | 002,253,824 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\PKIECtrl160.bpl MOD - [2012.04.11 19:06:02 | 001,186,816 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\TMSlite160.bpl MOD - [2012.02.23 15:11:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\vstrees160.bpl MOD - [2011.09.30 18:10:22 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\PDF Experte 8 Ultimate\js32.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.16 23:34:07 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.12.16 23:34:00 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.11 22:19:38 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 22:19:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.05 20:05:43 | 001,581,568 | ---- | M] (ElmüSoft) [On_Demand | Stopped] -- C:\Program Files (x86)\PTBSync\PTBSync.exe -- (PTBSync) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater) SRV - [2012.10.31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.01 08:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.11.06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009.11.06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.24 02:42:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.12.24 02:42:04 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.12.24 02:42:04 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.12.24 02:42:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.12.11 22:19:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 22:19:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.05 20:05:43 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ptbring0.sys -- (WinRing0_1_2_0) DRV:64bit: - [2012.12.05 12:26:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.18 10:32:44 | 000,042,808 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2012.09.18 10:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2012.09.18 10:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.21 14:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.01 20:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009.07.17 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 59 51 73 DF ED CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: autocopy2%40teo.pl:1.2.6 FF - prefs.js..extensions.enabledAddons: autoformer2%40mozilla.org:1.1.0 FF - prefs.js..extensions.enabledAddons: Noia4Options%40ArisT2:1.7.6 FF - prefs.js..extensions.enabledAddons: NoiaFoxoption%40davidvincent.tld:2.0.6 FF - prefs.js..extensions.enabledAddons: notreal.ccoptions%40environmentalchemistry.com:16.0.1 FF - prefs.js..extensions.enabledAddons: %7B02450914-cdd9-410f-b1da-db004e18c671%7D:0.96.8c FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=12040ac0-2641-48cf-9a3c-1264ce72ad6f&searchtype=ds&q=" FF - user.js..browser.search.openintab: false FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012.12.16 22:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.12.05 11:56:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.16 22:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 12:21:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 12:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\Extensions [2012.12.24 23:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\Firefox\Profiles\xipnt923.default\extensions [2012.12.23 18:50:44 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\TeK\AppData\Roaming\mozilla\Firefox\Profiles\xipnt923.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2012.10.03 00:09:12 | 000,103,455 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\autocopy2@teo.pl.xpi [2012.03.27 02:50:30 | 000,031,289 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\autoformer2@mozilla.org.xpi [2012.09.11 11:28:02 | 000,077,464 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\ciuvo-extension@billiger.de.xpi [2012.11.30 00:06:08 | 000,126,836 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\Noia4Options@ArisT2.xpi [2012.11.30 00:06:08 | 000,065,957 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\NoiaFoxoption@davidvincent.tld.xpi [2012.12.02 19:26:00 | 000,159,639 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2012.10.06 05:20:28 | 000,094,079 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2012.12.24 23:31:43 | 000,347,856 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.11.23 08:47:46 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.11.24 09:25:08 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.27 02:45:16 | 000,002,354 | ---- | M] () -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\searchplugins\aol-web-search.xml [2012.11.29 20:17:38 | 000,002,389 | ---- | M] () -- C:\Users\TeK\AppData\Roaming\mozilla\firefox\profiles\xipnt923.default\searchplugins\Web Search.xml [2012.12.05 19:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.05 19:32:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.05 11:56:26 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PTBSync] C:\Program Files (x86)\PTBSync\PTBSync.exe (ElmüSoft) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\PDF Experte 8 Ultimate\vspdfprsrv.exe (Visagesoft) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6672D22A-E832-49AD-9AFF-2E118152A958}: NameServer = 192.168.113.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.05.05 13:47:44 | 000,000,000 | ---- | M] () - V:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 22:01:24 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\PDF Files [2013.01.09 21:56:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TeK\Desktop\OTL.exe [2013.01.09 21:50:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 21:50:46 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 21:50:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 21:50:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.09 20:07:43 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.01.09 20:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.01.09 19:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2013.01.09 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Malwarebytes [2013.01.09 18:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.09 18:28:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.09 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.09 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 17:48:31 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.01.08 02:49:22 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Chromium [2013.01.08 02:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.01.08 01:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2013.01.07 00:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.01.07 00:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.01.07 00:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Image Convert and Resize [2013.01.07 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\DVDVideoSoft [2013.01.05 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\TeK\Application Data [2013.01.05 06:52:40 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Rovio [2013.01.05 06:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio [2013.01.05 06:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio [2013.01.03 19:53:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.01.03 14:20:32 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\SHIFT 2 UNLEASHED [2013.01.03 14:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2012.12.29 15:52:32 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Activision [2012.12.28 19:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.12.27 23:26:59 | 000,000,000 | ---D | C] -- C:\Users\TeK\Desktop\sd_karten [2012.12.27 18:47:33 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\HP [2012.12.24 05:03:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.12.24 05:03:47 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Bioshock2 [2012.12.24 03:09:52 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Razer [2012.12.24 03:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer Game Booster [2012.12.24 03:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2012.12.24 02:43:31 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.12.24 02:43:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.12.24 02:43:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.12.24 02:43:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.12.24 02:43:15 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.12.24 02:43:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.12.24 02:42:49 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.12.24 02:42:49 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.12.24 02:42:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.12.24 02:42:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.12.24 02:42:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.12.24 02:42:30 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.12.24 02:42:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.12.24 02:42:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.12.24 02:42:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.12.24 02:42:04 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.12.24 02:42:04 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.12.24 02:42:04 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.12.24 02:42:04 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.12.24 02:42:04 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.12.24 02:42:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.12.24 02:42:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.12.24 02:42:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.12.24 02:42:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.12.24 02:42:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.12.24 02:42:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.12.24 02:42:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.12.24 02:42:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.12.24 02:42:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.12.24 02:42:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.12.24 02:42:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.12.24 02:42:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.12.24 02:42:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.12.24 02:42:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012.12.24 02:42:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\terminpt.sys [2012.12.24 02:42:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.12.24 02:42:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.12.24 02:42:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.12.24 02:42:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.12.24 02:42:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.12.24 02:42:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.12.24 02:41:38 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.12.24 02:41:03 | 000,025,472 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2012.12.24 02:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2012.12.24 02:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6 [2012.12.24 02:24:02 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\IObit [2012.12.24 02:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced SystemCare 6 [2012.12.22 02:39:18 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\NVIDIA [2012.12.21 22:22:20 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 22:22:20 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 22:22:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 22:22:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 14:31:36 | 000,749,088 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr [2012.12.21 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Planesoft Screensaver Manager [2012.12.21 14:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\3Planesoft [2012.12.21 14:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft [2012.12.21 14:31:31 | 002,343,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr [2012.12.21 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\White Christmas 3D Screensaver [2012.12.19 04:34:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software [2012.12.19 04:34:18 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\PDF Experte 8 [2012.12.19 04:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software [2012.12.19 04:33:57 | 000,023,552 | ---- | C] (Visagesoft) -- C:\Windows\SysNative\vsmon1.dll [2012.12.19 04:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Experte 8 Ultimate [2012.12.19 04:33:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Avanquest Software [2012.12.19 04:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Experte 8 Ultimate [2012.12.19 04:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF Jobs [2012.12.19 04:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Expert PDF 8 [2012.12.19 04:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2012.12.19 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\TeraCopy [2012.12.19 00:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2012.12.19 00:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy [2012.12.17 20:45:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.12.17 20:38:39 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2012.12.17 20:38:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2012.12.17 20:38:38 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2012.12.17 20:38:38 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys [2012.12.17 20:38:38 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2012.12.17 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.17 18:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2012.12.17 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Logitech [2012.12.17 03:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2012.12.17 03:06:40 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Engelmann Media [2012.12.17 03:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4 [2012.12.17 03:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engelmann Media [2012.12.17 03:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Engelmann Media [2012.12.16 23:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.12.16 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Origin [2012.12.16 23:13:32 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Origin [2012.12.16 23:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.12.16 23:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.12.16 23:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012.12.16 22:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2012.12.16 22:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2012.12.16 22:13:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012.12.16 22:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2012.12.16 22:13:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.12.16 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012.12.16 22:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater [2012.12.16 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\SKIDROW [2012.12.16 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\id Software [2012.12.16 04:16:50 | 000,000,000 | ---D | C] -- C:\Temp [2012.12.16 04:15:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.12.16 04:15:40 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Local\Samsung [2012.12.16 04:15:36 | 000,000,000 | ---D | C] -- C:\Users\TeK\AppData\Roaming\Samsung [2012.12.16 04:10:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.12.16 04:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.16 04:09:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.15 01:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.15 01:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo MP3 AudioCenter [2012.12.15 01:11:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.15 01:11:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.15 01:11:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.15 01:11:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.15 01:11:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.15 01:11:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.15 01:11:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.15 01:11:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.15 01:11:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.15 01:11:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.15 01:11:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.15 01:11:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.15 01:11:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.15 01:11:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.15 01:11:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.15 01:10:08 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.15 01:10:08 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.15 01:09:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.15 01:09:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.15 01:09:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.15 01:09:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.15 01:09:48 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.15 01:09:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.15 01:09:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.15 01:09:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.15 01:09:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.15 01:09:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.15 01:09:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.15 01:09:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.15 01:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.15 01:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.15 01:09:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.15 01:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.15 01:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.15 01:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.15 01:09:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.15 01:09:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.15 01:09:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.15 01:09:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.15 01:09:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.15 01:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.15 01:09:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe ========== Files - Modified Within 30 Days ========== [2013.01.09 22:07:34 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 22:07:34 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 22:04:05 | 002,210,280 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 22:04:05 | 000,618,480 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 22:04:05 | 000,446,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 22:04:05 | 000,426,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 22:04:05 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 22:01:11 | 000,001,356 | ---- | M] () -- D:\Eigene Dateien\PTBSync-AutoExport-Tek.ini [2013.01.09 21:58:57 | 000,294,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 21:58:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 21:58:32 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 21:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TeK\Desktop\OTL.exe [2013.01.09 20:14:38 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.01.09 20:07:43 | 000,001,179 | ---- | M] () -- C:\Users\TeK\Desktop\Check for Updates.lnk [2013.01.09 19:15:05 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2013.01.09 18:28:37 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.08 21:33:37 | 000,002,842 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.08 00:21:07 | 000,001,068 | ---- | M] () -- C:\Windows\x-rename.ndo [2013.01.07 04:23:28 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini [2013.01.05 06:52:33 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Star Wars.lnk [2013.01.03 14:20:26 | 000,001,244 | ---- | M] () -- C:\Users\TeK\Desktop\shift2u.lnk [2013.01.02 17:48:30 | 000,015,999 | ---- | M] () -- D:\Eigene Dateien\Abfuhrkalender_2013_Hierscheid_Humes.pdf [2012.12.28 19:13:25 | 000,128,758 | ---- | M] () -- D:\Eigene Dateien\_cm121228_1639551.pdf [2012.12.28 18:54:47 | 000,000,975 | ---- | M] () -- C:\Users\TeK\Desktop\BlackOps.lnk [2012.12.28 17:07:08 | 000,030,868 | ---- | M] () -- D:\Eigene Dateien\Ueberweisung_1356710815510.png [2012.12.28 00:22:38 | 000,007,605 | ---- | M] () -- C:\Users\TeK\AppData\Local\Resmon.ResmonCfg [2012.12.24 05:49:05 | 000,000,454 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.12.24 04:49:35 | 000,000,832 | ---- | M] () -- C:\Users\TeK\Desktop\Games.lnk [2012.12.24 03:27:03 | 000,001,141 | ---- | M] () -- C:\Users\TeK\Desktop\Neuer Ordner - Verknüpfung.lnk [2012.12.24 02:48:24 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2012.12.24 02:43:31 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.12.24 02:43:31 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.12.24 02:43:31 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.12.24 02:43:31 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.12.24 02:43:31 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.24 02:43:15 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.12.24 02:43:15 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.12.24 02:43:15 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui [2012.12.24 02:43:15 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.24 02:42:49 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.12.24 02:42:49 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.12.24 02:42:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.12.24 02:42:30 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.12.24 02:42:30 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.12.24 02:42:30 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.12.24 02:42:30 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.12.24 02:42:30 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.12.24 02:42:30 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.12.24 02:42:04 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.12.24 02:42:04 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.12.24 02:42:04 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.12.24 02:42:04 | 001,123,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.12.24 02:42:04 | 001,048,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.12.24 02:42:04 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.12.24 02:42:04 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.12.24 02:42:04 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.12.24 02:42:04 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.12.24 02:42:04 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.12.24 02:42:04 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.12.24 02:42:04 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.12.24 02:42:04 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.12.24 02:42:04 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.12.24 02:42:04 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.12.24 02:42:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.12.24 02:42:04 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.12.24 02:42:04 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.12.24 02:42:04 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012.12.24 02:42:04 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\terminpt.sys [2012.12.24 02:42:04 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.12.24 02:42:04 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.12.24 02:42:04 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.12.24 02:42:04 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.12.24 02:42:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.12.24 02:42:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.12.24 02:42:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbflt.sys.mui [2012.12.24 02:41:38 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.12.23 18:15:18 | 001,944,979 | ---- | M] () -- D:\Eigene Dateien\70209-A1_Paris.pdf [2012.12.23 12:41:28 | 000,031,465 | ---- | M] () -- D:\Eigene Dateien\buchungspdf.pdf [2012.12.22 16:44:12 | 000,001,582 | ---- | M] () -- C:\Users\TeK\Desktop\White_Cloude.lnk [2012.12.22 03:00:09 | 000,002,058 | -H-- | M] () -- D:\Eigene Dateien\Default.rdp [2012.12.20 18:04:15 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI [2012.12.16 23:34:07 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.16 23:34:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.16 22:03:33 | 000,001,320 | ---- | M] () -- C:\Users\TeK\Desktop\..wunschzettel detlev.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.16 11:54:35 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.16 10:18:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.16 04:16:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.16 04:09:41 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.16 04:09:41 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.16 04:09:41 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.16 04:09:41 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.16 04:09:41 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 11:49:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.13 11:49:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.11 22:19:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 22:19:41 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.01.09 20:07:43 | 000,001,179 | ---- | C] () -- C:\Users\TeK\Desktop\Check for Updates.lnk [2013.01.09 19:15:05 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2013.01.09 18:28:37 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.08 21:33:37 | 000,002,842 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.05 06:52:33 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Star Wars.lnk [2013.01.03 14:20:26 | 000,001,244 | ---- | C] () -- C:\Users\TeK\Desktop\shift2u.lnk [2013.01.02 17:48:30 | 000,015,999 | ---- | C] () -- D:\Eigene Dateien\Abfuhrkalender_2013_Hierscheid_Humes.pdf [2012.12.28 19:13:25 | 000,128,758 | ---- | C] () -- D:\Eigene Dateien\_cm121228_1639551.pdf [2012.12.28 18:54:47 | 000,000,975 | ---- | C] () -- C:\Users\TeK\Desktop\BlackOps.lnk [2012.12.28 17:07:08 | 000,030,868 | ---- | C] () -- D:\Eigene Dateien\Ueberweisung_1356710815510.png [2012.12.28 00:22:38 | 000,007,605 | ---- | C] () -- C:\Users\TeK\AppData\Local\Resmon.ResmonCfg [2012.12.24 04:49:35 | 000,000,832 | ---- | C] () -- C:\Users\TeK\Desktop\Games.lnk [2012.12.24 03:27:03 | 000,001,141 | ---- | C] () -- C:\Users\TeK\Desktop\Neuer Ordner - Verknüpfung.lnk [2012.12.24 02:48:24 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2012.12.24 02:43:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.24 02:43:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.23 18:15:18 | 001,944,979 | ---- | C] () -- D:\Eigene Dateien\70209-A1_Paris.pdf [2012.12.23 12:41:28 | 000,031,465 | ---- | C] () -- D:\Eigene Dateien\buchungspdf.pdf [2012.12.22 16:44:12 | 000,001,582 | ---- | C] () -- C:\Users\TeK\Desktop\White_Cloude.lnk [2012.12.22 02:58:49 | 000,002,058 | -H-- | C] () -- D:\Eigene Dateien\Default.rdp [2012.12.20 18:04:15 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.12.16 04:16:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.15 02:04:12 | 000,001,068 | ---- | C] () -- C:\Windows\x-rename.ndo [2012.12.15 02:04:01 | 000,013,221 | ---- | C] () -- C:\Windows\x-rename.vbs [2012.12.08 07:37:58 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2012.12.07 07:46:31 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.12.06 13:16:49 | 000,186,915 | ---- | C] () -- C:\Windows\hpoins21.dat [2012.12.06 13:16:49 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat [2012.12.05 20:30:35 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.05 20:30:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.05 20:23:51 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.12.05 19:01:58 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\TrayIcon12.dll [2012.12.05 19:01:58 | 000,061,952 | ---- | C] () -- C:\Windows\SysWow64\ajnetmask.dll [2012.12.05 12:38:45 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2012.12.05 11:09:43 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.12.05 11:09:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.12.05 11:09:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.12.05 11:09:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.12.05 11:05:56 | 000,042,242 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.12.05 11:05:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.12.05 11:05:08 | 000,033,165 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.10.10 23:07:35 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.20 15:10:52 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.07 11:19:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.01.09 21:58:31 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.05 11:00:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.09 17:53:33 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.05 11:34:18 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.19 00:18:14 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.09 20:07:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.09 19:50:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.05 11:00:50 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.05 11:00:51 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.01.09 22:05:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.17 20:46:37 | 000,000,000 | ---D | M] -- C:\Temp [2012.12.05 11:36:37 | 000,000,000 | R--D | M] -- C:\Users [2013.01.09 15:32:55 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.09 22:15:08 | 003,670,016 | ---- | M] () -- C:\Users\TeK\NTUSER.DAT [2013.01.09 22:15:08 | 000,262,144 | -HS- | M] () -- C:\Users\TeK\ntuser.dat.LOG1 [2012.12.05 11:01:23 | 000,000,000 | -HS- | M] () -- C:\Users\TeK\ntuser.dat.LOG2 [2012.12.05 11:01:26 | 000,065,536 | -HS- | M] () -- C:\Users\TeK\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.05 11:01:26 | 000,524,288 | -HS- | M] () -- C:\Users\TeK\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.05 11:01:26 | 000,524,288 | -HS- | M] () -- C:\Users\TeK\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.05 11:01:23 | 000,000,020 | -HS- | M] () -- C:\Users\TeK\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Files - Unicode (All) ========== [2012.12.16 22:15:58 | 000,000,000 | ---D | M](D:\Eigene Dateien\??????????) -- D:\Eigene Dateien\ТАТУИРОВКИ [2012.12.05 12:59:42 | 000,000,000 | ---D | C](D:\Eigene Dateien\??????????) -- D:\Eigene Dateien\ТАТУИРОВКИ ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:1FF739C9FE5A7588 < End of report > ... ich hoffe das die kiste zumindest halbwegs sauber ist  nochmals danke fürs auswerten... gruß TeK |
|
10.01.2013, 07:18
| #3 |
| /// Helfer-Team  | GUV mit malwarebytes entfernt, probs mit OTL Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - [2013.01.09 21:56:56 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\46d19039fc4ce87d36d1b2f9daad47c6\System.Runtime.Remoting.ni.dll
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2013.01.08 21:33:37 | 000,002,842 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
@Alternate Data Stream - 24 bytes -> C:\Windows:1FF739C9FE5A7588
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\TeK\*.tmp
C:\Users\TeK\AppData\Local\Temp\*.exe
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
10.01.2013, 17:50
| #4 |
| | GUV mit malwarebytes entfernt, probs mit OTL hallo, habe jetzt alle scans so wie du´s hier beschrieben hast durchgeführt ! lief alles problemlos und Malwarebytes hat sogar keine funde gehabt. hier nun die drei *.txt´s Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
ADS C:\Windows:1FF739C9FE5A7588 deleted successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\TeK\*.tmp not found.
C:\Users\TeK\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe moved successfully.
C:\Users\TeK\AppData\Local\Temp\UpdateCheckerSetup.exe moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\TeK\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\TeK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\TeK\Desktop\cmd.bat deleted successfully.
C:\Users\TeK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: TeK
->Temp folder emptied: 92347223 bytes
->Temporary Internet Files folder emptied: 17660785 bytes
->FireFox cache emptied: 364512955 bytes
->Flash cache emptied: 5486 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2693980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 455,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_171524
Files\Folders moved on Reboot...
C:\Users\TeK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TeK :: RAVER [administrator]
10.01.2013 17:30:30
mbar-log-2013-01-10 (17-30-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29466
Time elapsed: 5 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v2.105 - Datei am 10/01/2013 um 17:42:30 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : TeK - RAVER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TeK\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : IB Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\TeK\AppData\Roaming\Mozilla\Firefox\Profiles\xipnt923.default\searchplugins\aol-web-search.xml
Datei Gelöscht : C:\Users\TeK\AppData\Roaming\Mozilla\Firefox\Profiles\xipnt923.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\TeK\Desktop\Check for Updates.lnk
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Users\TeK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\TeK\AppData\Roaming\Mozilla\Firefox\Profiles\xipnt923.default\prefs.js
C:\Users\TeK\AppData\Roaming\Mozilla\Firefox\Profiles\xipnt923.default\user.js ... Gelöscht !
Gelöscht : user_pref("aol_toolbar.surf.date", "6");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "27");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "2");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "6");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
Gelöscht : user_pref("aol_toolbar.surf.total", "6");
Gelöscht : user_pref("aol_toolbar.surf.week", "6");
Gelöscht : user_pref("aol_toolbar.surf.year", "6");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=040912_mnt_3712_1");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "11");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "1169821598,3855095921,302281469,2400444324,3654782829[...]
Gelöscht : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "9C8277273117E9D25B1A3F09F0691624");
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "04e29d39000000000000c8600057eb02");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15594");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.7.2.08:48:59");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.7.2.0");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.7.2.08:48:59");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.7.2.0");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=040912_mnt_3712_1");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.7.2.08:48:59");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=120[...]
*************************
AdwCleaner[S1].txt - [7828 octets] - [10/01/2013 17:42:30]
########## EOF - C:\AdwCleaner[S1].txt - [7888 octets] ##########
|
|
11.01.2013, 07:11
| #5 |
| /// Helfer-Team | GUV mit malwarebytes entfernt, probs mit OTL Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
03.03.2013, 11:51
| #6 |
| /// Helfer-Team | GUV mit malwarebytes entfernt, probs mit OTL Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ --> GUV mit malwarebytes entfernt, probs mit OTL |
|
| Themen zu GUV mit malwarebytes entfernt, probs mit OTL |
| administrator, adobe reader xi, anti-malware, appdata, autostart, code, dateien, desktop, explorer, fehlermeldung, gelöscht, gesperrt, google, hijack, hijackthis, install.exe, java, kaspersky, malwarebytes, microsoft, neustart, nvidia update, ordner, origin, roaming, scan, suche, system, systemcare, trojaner, uplay |
Linear-Darstellung
