| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Überall taucht Werbung auf!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.03.2013, 16:08
| #1 |
 |  Überall taucht Werbung auf! Hallo, ich hab seit einigen Tagen das Problem dass Werbung überall auftauch sei es auf Facebook in Youtube oder auch hier im Forum. Das ist immer so ein Mittelgroßes kästchen von AdChoices und ab und zu werden da auch Nachrichtenvideos abgespielt. Ich würde mich freuen wenn ihr mir da weiterhelfen könntet. Evtl. könnte ich auch mehrere viren haben. Ich hab mal die ersten 3 Schritte nach einem älteren Beitrag durchgeführt: Logfiles: OTL Code:
ATTFilter OTL logfile created on: 01.03.2013 12:16:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wango90\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,37% Memory free 7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1388,77 Gb Total Space | 1221,63 Gb Free Space | 87,96% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe PRC - [2013.02.26 22:09:04 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.12.06 17:45:19 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.27 16:49:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.02.26 23:08:48 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.19 23:17:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.06 17:45:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.01 20:47:24 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.20 18:37:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.29 10:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.28 02:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.04.28 02:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01 [binary data] IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions [2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions [2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi [2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi [2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Akamai NetSession Interface] "C:\Users\Wango90\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 22:36:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2013.02.28 22:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.28 22:20:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.28 22:13:58 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS [2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal [2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt [2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR [2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc [2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4) [2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza [2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza [2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza [2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire [2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5 [2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com [2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2) [2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES ========== Files - Modified Within 30 Days ========== [2013.03.01 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.01 11:22:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 23:01:39 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 23:01:39 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.28 23:01:39 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.28 23:01:39 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.28 23:01:39 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.28 22:55:25 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys [2013.02.28 22:14:04 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds [2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds [2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.03.2013 12:16:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wango90\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,37% Memory free
7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1221,63 Gb Free Space | 87,96% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CE3D965F-1E25-4D47-AFBE-7A90565C3B58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CD3864-1F26-4D62-8BD0-F63BFCCB08C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0AE888FC-957F-46CC-B92C-ABB3191D7137}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0DF4ACF9-2463-4397-B3FD-1EDD00E46223}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{13BF4763-F92B-4845-BE7E-C5DE42A0D19E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{173C40E6-D43C-48E9-BCE5-5F8AB7CE98F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{1A0B68CC-042C-41E9-8F84-8F82D733618E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{23646371-714B-4CF5-B3C9-43A0BCEE86EF}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{23D5FCB8-447A-4A6B-86A0-DEE6DF9B4485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{248DB0B8-F428-4D2A-B889-833EC3348D57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{27234DBF-1C2A-4048-AD86-A41E6ABE2B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B5C9793-C0EC-46ED-BA2F-545F9259FB54}" = protocol=6 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe |
"{2F984ACB-C539-4245-A952-7C13531A782A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{33D68D35-15BB-404C-AAD6-498A4D0B6AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"{3D8C6A59-EA1B-4AA9-B32A-5BE3B2B90152}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{45BF5F2D-17F3-474C-92D6-B58F998E4160}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{4BA22568-9A13-433E-A05C-07786ACB36FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4F94FF05-897F-45E1-B14B-506D18C0882F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{52728B53-FC91-4DE8-8CC5-D15C4A265B29}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{5D464D61-35F6-4116-AF90-191A16612CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{60856B82-5902-4512-BB7A-65DB9FD309D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{65ED4986-291D-4183-9E4C-8B0438A26F78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6AC379CF-7EC1-4EC8-A698-31FC6F0CD156}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{73B06A35-3B1E-406C-B3CF-02A84525F5A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{74350D88-16C2-460B-A2A1-4F0622ED4789}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{74BA5AEB-7CFC-4BC4-8663-7E185CA042A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{7B33B8FD-4268-45CA-B836-F8BEA1CCCD05}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"{7BDA9AED-2217-4EAA-8FA1-0E839960E540}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{8A3164CC-7AC1-4BFA-B70C-D96FD2430818}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{8E8BF489-06D0-4990-BD77-553200DBEEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{8EF8EE83-AB78-4A3F-B82F-BD9FBEBA8F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A0AF8C91-E2C9-4A7C-B136-5390868221AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A1FE7794-9E33-4EED-9405-E13854F8E268}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{C8F1A035-EE5A-4B73-A9C5-8F892357710B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{D73F21D7-B7A6-4293-B1FE-AB72F3826476}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{DC303069-7D0A-47A6-97F2-32E55C4FCF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{E6AE3CC4-DDFF-4BBD-8306-780EA465DA42}" = protocol=17 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe |
"{EF7DEDC6-D784-408A-8DC7-8EC5E61A78BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FD6EB6D2-4AEB-46AB-9C09-09C90E94D884}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{075A59ED-600F-4F26-9065-35AC5797E3C4}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{19314820-EC5B-4078-9986-F86C9BA8CD4D}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe |
"TCP Query User{2320CBB0-E27F-4D01-9B53-7421EE6E62AB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{6BF4660E-7741-48CC-AA74-B1E56B129C98}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{ACA4FDC6-23CD-45DF-B258-F0841D65DB53}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BB9BA315-FE56-46B7-B401-EB7AA77B37F6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe |
"TCP Query User{DCE7D546-AB65-4B28-866E-917EA8C0195B}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{048D149B-0377-47C3-B43A-0FF06A75C683}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{2A04A0F4-0ED0-43B7-A523-3338B8CCEE66}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{7A2AB41B-D70C-42E2-82D9-AEA77A7BC73C}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{9CC25FBC-E637-4411-A698-473A6143E705}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe |
"UDP Query User{A964C138-E72E-4879-A65E-8ABA25C3D8C6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe |
"UDP Query User{B3DB4DE3-0875-440F-9278-F7CB29BCFF3D}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B7B0C93B-4F82-4D3D-BCEE-799E62604BB8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.5.0
"Steam App 43110" = Metro 2033
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"Wildlife Park 2 - Dino World_is1" = Wildlife Park 2 - Dino World v2.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.02.2013 17:55:49 | Computer Name = Wango90-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
[ System Events ]
Error - 28.02.2013 17:06:07 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 28.02.2013 17:08:53 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 28.02.2013 17:17:16 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 28.02.2013 17:19:00 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 28.02.2013 17:49:49 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 28.02.2013 17:55:37 | Computer Name = Wango90-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 28.02.2013 17:55:44 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 28.02.2013 17:55:52 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 01.03.2013 02:37:27 | Computer Name = Wango90-PC | Source = DCOM | ID = 10001
Description =
< End of report >
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 01/03/2013 (Wango90)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-01 13:10:12
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000058 SAMSUNG_ rev.1AG0 1397,27GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Wango90\AppData\Local\Temp\uxliyfod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1140:3532] 000007fee98d506c
Thread C:\Windows\system32\svchost.exe [1140:2764] 000007fef3b91ab0
Thread C:\Windows\system32\svchost.exe [1140:4948] 000007fef3ae4164
Thread C:\Windows\system32\svchost.exe [1140:4648] 000007fee8b7cb70
Thread C:\Windows\System32\spoolsv.exe [1508:2340] 000007fef7d410c8
Thread C:\Windows\System32\spoolsv.exe [1508:2344] 000007fef7d06144
Thread C:\Windows\System32\spoolsv.exe [1508:2348] 000007fef7af5fd0
Thread C:\Windows\System32\spoolsv.exe [1508:2352] 000007fef7ae3438
Thread C:\Windows\System32\spoolsv.exe [1508:2356] 000007fef7af63ec
Thread C:\Windows\System32\spoolsv.exe [1508:2364] 000007fef7fd5e5c
Thread C:\Windows\System32\spoolsv.exe [1508:2368] 000007fef807484c
Thread C:\Windows\System32\WUDFHost.exe [2020:3416] 000007fef1a924a0
---- EOF - GMER 2.1 ----
|
|
01.03.2013, 16:14
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Überall taucht Werbung auf! Hallo und
__________________ Zitat:
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender? Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ |
|
01.03.2013, 17:52
| #3 |
| | Überall taucht Werbung auf! Weiß ich selber nicht, aber das war schon vorinstalliert als ich den PC gekauft hatte.
__________________Logs hatte ich bis hierhinn keine. Gerade eben hab ich die hier gemacht, und alle Funde hab ich auch gelöscht: AVG (free edition) war nicht fündig. (weiß jetzt leider nicht wo ich den bericht finde) und hier der negative Bericht von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.01.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Wango90 :: WANGO90-PC [Administrator] 01.03.2013 17:03:34 mbam-log-2013-03-01 (17-03-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 346339 Laufzeit: 47 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
02.03.2013, 01:21
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf! Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.03.2013, 03:39
| #5 |
| | Überall taucht Werbung auf! MBAR war hatte keinen Fund, somit kam es nicht zum cleanup MBAR: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.02.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Wango90 :: WANGO90-PC [administrator]
02.03.2013 03:12:57
mbar-log-2013-03-02 (03-12-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28370
Time elapsed: 8 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-02 03:19:22
-----------------------------
03:19:22.285 OS Version: Windows x64 6.1.7600
03:19:22.285 Number of processors: 4 586 0x402
03:19:22.285 ComputerName: WANGO90-PC UserName: Wango90
03:19:29.447 Initialize success
03:21:02.750 AVAST engine defs: 13030100
03:22:50.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
03:22:50.618 Disk 0 Vendor: SAMSUNG_ 1AG0 Size: 1430799MB BusType: 11
03:22:50.632 Disk 0 MBR read successfully
03:22:50.638 Disk 0 MBR scan
03:22:50.646 Disk 0 Windows 7 default MBR code
03:22:50.662 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
03:22:50.686 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1422105 MB offset 1026048
03:22:50.720 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 8192 MB offset 2913497088
03:22:50.781 Disk 0 scanning C:\Windows\system32\drivers
03:22:59.621 Service scanning
03:23:17.007 Modules scanning
03:23:17.024 Disk 0 trace - called modules:
03:23:17.045 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
03:23:17.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a24790]
03:23:17.059 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa8003a1d690]
03:23:17.064 5 amdxata.sys[fffff880010878b9] -> nt!IofCallDriver -> [0xfffffa80048cda30]
03:23:17.069 7 ACPI.sys[fffff88000efb781] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80048c99c0]
03:23:25.776 AVAST engine scan C:\Windows
03:23:38.431 AVAST engine scan C:\Windows\system32
03:27:29.395 AVAST engine scan C:\Windows\system32\drivers
03:28:03.531 AVAST engine scan C:\Users\Wango90
03:31:05.874 AVAST engine scan C:\ProgramData
03:31:18.757 Scan finished successfully
03:31:54.872 Disk 0 MBR has been saved successfully to "C:\Users\Wango90\Desktop\MBR.dat"
03:31:54.883 The log file has been saved successfully to "C:\Users\Wango90\Desktop\aswMBR.txt"
Code:
ATTFilter 03:35:52.0408 6648 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
03:35:52.0568 6648 ============================================================
03:35:52.0569 6648 Current date / time: 2013/03/02 03:35:52.0568
03:35:52.0569 6648 SystemInfo:
03:35:52.0569 6648
03:35:52.0569 6648 OS Version: 6.1.7600 ServicePack: 0.0
03:35:52.0569 6648 Product type: Workstation
03:35:52.0569 6648 ComputerName: WANGO90-PC
03:35:52.0569 6648 UserName: Wango90
03:35:52.0569 6648 Windows directory: C:\Windows
03:35:52.0569 6648 System windows directory: C:\Windows
03:35:52.0569 6648 Running under WOW64
03:35:52.0569 6648 Processor architecture: Intel x64
03:35:52.0569 6648 Number of processors: 4
03:35:52.0569 6648 Page size: 0x1000
03:35:52.0570 6648 Boot type: Normal boot
03:35:52.0570 6648 ============================================================
03:35:53.0955 6648 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C5B8D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
03:35:54.0018 6648 ============================================================
03:35:54.0018 6648 \Device\Harddisk0\DR0:
03:35:54.0018 6648 MBR partitions:
03:35:54.0018 6648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
03:35:54.0018 6648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0xAD98C800
03:35:54.0018 6648 ============================================================
03:35:54.0061 6648 C: <-> \Device\Harddisk0\DR0\Partition2
03:35:54.0061 6648 ============================================================
03:35:54.0061 6648 Initialize success
03:35:54.0061 6648 ============================================================
03:37:15.0577 6964 ============================================================
03:37:15.0577 6964 Scan started
03:37:15.0577 6964 Mode: Manual; SigCheck; TDLFS;
03:37:15.0577 6964 ============================================================
03:37:16.0446 6964 ================ Scan system memory ========================
03:37:16.0446 6964 System memory - ok
03:37:16.0447 6964 ================ Scan services =============================
03:37:16.0704 6964 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
03:37:16.0958 6964 1394ohci - ok
03:37:16.0975 6964 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
03:37:16.0995 6964 ACPI - ok
03:37:17.0010 6964 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
03:37:17.0082 6964 AcpiPmi - ok
03:37:17.0150 6964 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:37:17.0176 6964 AdobeARMservice - ok
03:37:17.0327 6964 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:37:17.0338 6964 AdobeFlashPlayerUpdateSvc - ok
03:37:17.0363 6964 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
03:37:17.0378 6964 adp94xx - ok
03:37:17.0392 6964 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
03:37:17.0405 6964 adpahci - ok
03:37:17.0423 6964 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
03:37:17.0434 6964 adpu320 - ok
03:37:17.0486 6964 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:37:17.0702 6964 AeLookupSvc - ok
03:37:17.0760 6964 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
03:37:17.0859 6964 AFD - ok
03:37:17.0895 6964 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
03:37:17.0922 6964 agp440 - ok
03:37:17.0936 6964 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
03:37:18.0056 6964 ALG - ok
03:37:18.0084 6964 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
03:37:18.0106 6964 aliide - ok
03:37:18.0141 6964 [ 603358D65A9ABF0DA21BB99A32D14C44 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:37:18.0235 6964 AMD External Events Utility - ok
03:37:18.0308 6964 AMD FUEL Service - ok
03:37:18.0328 6964 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
03:37:18.0357 6964 amdide - ok
03:37:18.0383 6964 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
03:37:18.0430 6964 AmdK8 - ok
03:37:18.0627 6964 [ 2FE0FD18358C4F58B70BC008324A971D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:37:18.0807 6964 amdkmdag - ok
03:37:18.0836 6964 [ A28AA0D1F6B7D5FB1932A0D72B492BFF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:37:18.0872 6964 amdkmdap - ok
03:37:18.0895 6964 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
03:37:18.0915 6964 AmdPPM - ok
03:37:18.0941 6964 [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
03:37:18.0949 6964 amdsata - ok
03:37:18.0973 6964 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
03:37:18.0984 6964 amdsbs - ok
03:37:18.0996 6964 [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
03:37:19.0002 6964 amdxata - ok
03:37:19.0044 6964 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
03:37:19.0051 6964 AODDriver4.2 - ok
03:37:19.0089 6964 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
03:37:19.0185 6964 AppID - ok
03:37:19.0215 6964 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
03:37:19.0288 6964 AppIDSvc - ok
03:37:19.0302 6964 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
03:37:19.0337 6964 Appinfo - ok
03:37:19.0369 6964 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
03:37:19.0401 6964 AppMgmt - ok
03:37:19.0416 6964 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
03:37:19.0427 6964 arc - ok
03:37:19.0431 6964 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
03:37:19.0442 6964 arcsas - ok
03:37:19.0465 6964 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:37:19.0512 6964 AsyncMac - ok
03:37:19.0530 6964 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
03:37:19.0540 6964 atapi - ok
03:37:19.0563 6964 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
03:37:19.0572 6964 AtiHDAudioService - ok
03:37:19.0589 6964 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
03:37:19.0596 6964 AtiPcie - ok
03:37:19.0630 6964 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:37:19.0670 6964 AudioEndpointBuilder - ok
03:37:19.0679 6964 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:37:19.0709 6964 AudioSrv - ok
03:37:19.0886 6964 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
03:37:19.0992 6964 AVGIDSAgent - ok
03:37:20.0013 6964 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
03:37:20.0023 6964 AVGIDSDriver - ok
03:37:20.0040 6964 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
03:37:20.0047 6964 AVGIDSHA - ok
03:37:20.0075 6964 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
03:37:20.0085 6964 Avgldx64 - ok
03:37:20.0112 6964 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
03:37:20.0122 6964 Avgloga - ok
03:37:20.0137 6964 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
03:37:20.0145 6964 Avgmfx64 - ok
03:37:20.0168 6964 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
03:37:20.0176 6964 Avgrkx64 - ok
03:37:20.0186 6964 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
03:37:20.0196 6964 Avgtdia - ok
03:37:20.0218 6964 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
03:37:20.0228 6964 avgwd - ok
03:37:20.0250 6964 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
03:37:20.0344 6964 AxInstSV - ok
03:37:20.0393 6964 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
03:37:20.0433 6964 b06bdrv - ok
03:37:20.0484 6964 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
03:37:20.0542 6964 b57nd60a - ok
03:37:20.0581 6964 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
03:37:20.0628 6964 BDESVC - ok
03:37:20.0650 6964 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
03:37:20.0742 6964 Beep - ok
03:37:20.0777 6964 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
03:37:20.0842 6964 BFE - ok
03:37:20.0882 6964 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
03:37:20.0953 6964 BITS - ok
03:37:20.0973 6964 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
03:37:20.0997 6964 blbdrive - ok
03:37:21.0026 6964 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:37:21.0077 6964 bowser - ok
03:37:21.0091 6964 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:37:21.0131 6964 BrFiltLo - ok
03:37:21.0142 6964 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:37:21.0154 6964 BrFiltUp - ok
03:37:21.0185 6964 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
03:37:21.0228 6964 BridgeMP - ok
03:37:21.0252 6964 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
03:37:21.0281 6964 Browser - ok
03:37:21.0304 6964 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
03:37:21.0357 6964 Brserid - ok
03:37:21.0373 6964 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
03:37:21.0396 6964 BrSerWdm - ok
03:37:21.0414 6964 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
03:37:21.0429 6964 BrUsbMdm - ok
03:37:21.0440 6964 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
03:37:21.0457 6964 BrUsbSer - ok
03:37:21.0472 6964 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
03:37:21.0497 6964 BTHMODEM - ok
03:37:21.0524 6964 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
03:37:21.0607 6964 bthserv - ok
03:37:21.0631 6964 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:37:21.0660 6964 cdfs - ok
03:37:21.0691 6964 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:37:21.0701 6964 cdrom - ok
03:37:21.0721 6964 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
03:37:21.0751 6964 CertPropSvc - ok
03:37:21.0767 6964 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
03:37:21.0791 6964 circlass - ok
03:37:21.0814 6964 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
03:37:21.0827 6964 CLFS - ok
03:37:21.0879 6964 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:37:21.0906 6964 clr_optimization_v2.0.50727_32 - ok
03:37:21.0964 6964 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:37:21.0994 6964 clr_optimization_v2.0.50727_64 - ok
03:37:22.0063 6964 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:37:22.0092 6964 clr_optimization_v4.0.30319_32 - ok
03:37:22.0131 6964 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:37:22.0145 6964 clr_optimization_v4.0.30319_64 - ok
03:37:22.0149 6964 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
03:37:22.0177 6964 CmBatt - ok
03:37:22.0190 6964 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
03:37:22.0203 6964 cmdide - ok
03:37:22.0226 6964 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
03:37:22.0313 6964 CNG - ok
03:37:22.0334 6964 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
03:37:22.0361 6964 Compbatt - ok
03:37:22.0389 6964 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
03:37:22.0412 6964 CompositeBus - ok
03:37:22.0431 6964 COMSysApp - ok
03:37:22.0449 6964 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
03:37:22.0461 6964 crcdisk - ok
03:37:22.0490 6964 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:37:22.0526 6964 CryptSvc - ok
03:37:22.0562 6964 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
03:37:22.0600 6964 CSC - ok
03:37:22.0624 6964 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
03:37:22.0665 6964 CscService - ok
03:37:22.0703 6964 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
03:37:22.0753 6964 DcomLaunch - ok
03:37:22.0778 6964 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
03:37:22.0861 6964 defragsvc - ok
03:37:22.0890 6964 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:37:22.0927 6964 DfsC - ok
03:37:22.0947 6964 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
03:37:23.0043 6964 Dhcp - ok
03:37:23.0082 6964 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
03:37:23.0168 6964 discache - ok
03:37:23.0270 6964 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
03:37:23.0314 6964 Disk - ok
03:37:23.0348 6964 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:37:23.0409 6964 Dnscache - ok
03:37:23.0450 6964 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
03:37:23.0495 6964 dot3svc - ok
03:37:23.0508 6964 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
03:37:23.0545 6964 DPS - ok
03:37:23.0583 6964 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:37:23.0592 6964 drmkaud - ok
03:37:23.0628 6964 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
03:37:23.0662 6964 dtsoftbus01 - ok
03:37:23.0712 6964 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:37:23.0775 6964 DXGKrnl - ok
03:37:23.0786 6964 EagleX64 - ok
03:37:23.0800 6964 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
03:37:23.0865 6964 EapHost - ok
03:37:23.0958 6964 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
03:37:24.0055 6964 ebdrv - ok
03:37:24.0083 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
03:37:24.0124 6964 EFS - ok
03:37:24.0183 6964 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:37:24.0231 6964 ehRecvr - ok
03:37:24.0255 6964 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
03:37:24.0284 6964 ehSched - ok
03:37:24.0320 6964 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
03:37:24.0344 6964 elxstor - ok
03:37:24.0357 6964 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
03:37:24.0375 6964 ErrDev - ok
03:37:24.0419 6964 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
03:37:24.0480 6964 EventSystem - ok
03:37:24.0512 6964 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
03:37:24.0539 6964 exfat - ok
03:37:24.0553 6964 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:37:24.0593 6964 fastfat - ok
03:37:24.0637 6964 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
03:37:24.0708 6964 Fax - ok
03:37:24.0731 6964 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:37:24.0771 6964 fdc - ok
03:37:24.0787 6964 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
03:37:24.0864 6964 fdPHost - ok
03:37:24.0884 6964 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
03:37:24.0915 6964 FDResPub - ok
03:37:24.0931 6964 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:37:24.0939 6964 FileInfo - ok
03:37:24.0947 6964 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:37:24.0973 6964 Filetrace - ok
03:37:25.0060 6964 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:37:25.0090 6964 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
03:37:25.0090 6964 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
03:37:25.0103 6964 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:37:25.0115 6964 flpydisk - ok
03:37:25.0137 6964 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:37:25.0156 6964 FltMgr - ok
03:37:25.0195 6964 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
03:37:25.0237 6964 FontCache - ok
03:37:25.0279 6964 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:37:25.0302 6964 FontCache3.0.0.0 - ok
03:37:25.0315 6964 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
03:37:25.0328 6964 FsDepends - ok
03:37:25.0360 6964 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:37:25.0386 6964 Fs_Rec - ok
03:37:25.0425 6964 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
03:37:25.0469 6964 fvevol - ok
03:37:25.0497 6964 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
03:37:25.0518 6964 gagp30kx - ok
03:37:25.0551 6964 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
03:37:25.0598 6964 gpsvc - ok
03:37:25.0614 6964 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
03:37:25.0662 6964 hcw85cir - ok
03:37:25.0696 6964 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:37:25.0724 6964 HdAudAddService - ok
03:37:25.0743 6964 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:37:25.0782 6964 HDAudBus - ok
03:37:25.0791 6964 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
03:37:25.0834 6964 HidBatt - ok
03:37:25.0851 6964 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
03:37:25.0883 6964 HidBth - ok
03:37:25.0906 6964 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
03:37:25.0938 6964 HidIr - ok
03:37:25.0951 6964 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
03:37:26.0012 6964 hidserv - ok
03:37:26.0038 6964 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:37:26.0080 6964 HidUsb - ok
03:37:26.0114 6964 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
03:37:26.0186 6964 hkmsvc - ok
03:37:26.0203 6964 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:37:26.0239 6964 HomeGroupListener - ok
03:37:26.0269 6964 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:37:26.0283 6964 HomeGroupProvider - ok
03:37:26.0298 6964 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
03:37:26.0308 6964 HpSAMD - ok
03:37:26.0339 6964 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:37:26.0381 6964 HTTP - ok
03:37:26.0393 6964 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
03:37:26.0400 6964 hwpolicy - ok
03:37:26.0414 6964 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:37:26.0422 6964 i8042prt - ok
03:37:26.0449 6964 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
03:37:26.0462 6964 iaStorV - ok
03:37:26.0520 6964 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:37:26.0568 6964 idsvc - ok
03:37:26.0583 6964 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
03:37:26.0596 6964 iirsp - ok
03:37:26.0618 6964 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
03:37:26.0665 6964 IKEEXT - ok
03:37:26.0681 6964 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
03:37:26.0689 6964 intelide - ok
03:37:26.0708 6964 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:37:26.0726 6964 intelppm - ok
03:37:26.0743 6964 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:37:26.0784 6964 IPBusEnum - ok
03:37:26.0805 6964 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:37:26.0831 6964 IpFilterDriver - ok
03:37:26.0859 6964 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:37:26.0944 6964 iphlpsvc - ok
03:37:26.0957 6964 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:37:26.0974 6964 IPMIDRV - ok
03:37:26.0987 6964 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
03:37:27.0023 6964 IPNAT - ok
03:37:27.0037 6964 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:37:27.0048 6964 IRENUM - ok
03:37:27.0063 6964 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
03:37:27.0071 6964 isapnp - ok
03:37:27.0082 6964 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:37:27.0093 6964 iScsiPrt - ok
03:37:27.0114 6964 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:37:27.0122 6964 kbdclass - ok
03:37:27.0130 6964 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:37:27.0145 6964 kbdhid - ok
03:37:27.0159 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
03:37:27.0167 6964 KeyIso - ok
03:37:27.0191 6964 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:37:27.0200 6964 KSecDD - ok
03:37:27.0204 6964 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
03:37:27.0214 6964 KSecPkg - ok
03:37:27.0226 6964 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:37:27.0251 6964 ksthunk - ok
03:37:27.0288 6964 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
03:37:27.0361 6964 KtmRm - ok
03:37:27.0386 6964 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
03:37:27.0453 6964 LanmanServer - ok
03:37:27.0480 6964 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:37:27.0529 6964 LanmanWorkstation - ok
03:37:27.0571 6964 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:37:27.0696 6964 lltdio - ok
03:37:27.0715 6964 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:37:27.0760 6964 lltdsvc - ok
03:37:27.0784 6964 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:37:27.0809 6964 lmhosts - ok
03:37:27.0834 6964 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
03:37:27.0843 6964 LSI_FC - ok
03:37:27.0854 6964 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
03:37:27.0862 6964 LSI_SAS - ok
03:37:27.0870 6964 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:37:27.0879 6964 LSI_SAS2 - ok
03:37:27.0883 6964 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:37:27.0891 6964 LSI_SCSI - ok
03:37:27.0909 6964 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
03:37:27.0955 6964 luafv - ok
03:37:27.0981 6964 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:37:27.0990 6964 Mcx2Svc - ok
03:37:28.0008 6964 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
03:37:28.0016 6964 megasas - ok
03:37:28.0032 6964 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
03:37:28.0044 6964 MegaSR - ok
03:37:28.0060 6964 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
03:37:28.0102 6964 MMCSS - ok
03:37:28.0118 6964 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
03:37:28.0143 6964 Modem - ok
03:37:28.0152 6964 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:37:28.0174 6964 monitor - ok
03:37:28.0191 6964 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:37:28.0199 6964 mouclass - ok
03:37:28.0215 6964 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:37:28.0228 6964 mouhid - ok
03:37:28.0242 6964 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:37:28.0251 6964 mountmgr - ok
03:37:28.0290 6964 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:37:28.0335 6964 MozillaMaintenance - ok
03:37:28.0349 6964 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
03:37:28.0364 6964 mpio - ok
03:37:28.0384 6964 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:37:28.0442 6964 mpsdrv - ok
03:37:28.0473 6964 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
03:37:28.0515 6964 MpsSvc - ok
03:37:28.0532 6964 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:37:28.0552 6964 MRxDAV - ok
03:37:28.0570 6964 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:37:28.0604 6964 mrxsmb - ok
03:37:28.0627 6964 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:37:28.0648 6964 mrxsmb10 - ok
03:37:28.0668 6964 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:37:28.0708 6964 mrxsmb20 - ok
03:37:28.0737 6964 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
03:37:28.0750 6964 msahci - ok
03:37:28.0755 6964 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
03:37:28.0771 6964 msdsm - ok
03:37:28.0784 6964 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
03:37:28.0800 6964 MSDTC - ok
03:37:28.0839 6964 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:37:28.0889 6964 Msfs - ok
03:37:28.0913 6964 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:37:29.0024 6964 mshidkmdf - ok
03:37:29.0040 6964 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
03:37:29.0050 6964 msisadrv - ok
03:37:29.0087 6964 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:37:29.0159 6964 MSiSCSI - ok
03:37:29.0163 6964 msiserver - ok
03:37:29.0183 6964 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:37:29.0247 6964 MSKSSRV - ok
03:37:29.0259 6964 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:37:29.0284 6964 MSPCLOCK - ok
03:37:29.0297 6964 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:37:29.0331 6964 MSPQM - ok
03:37:29.0354 6964 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:37:29.0367 6964 MsRPC - ok
03:37:29.0375 6964 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:37:29.0383 6964 mssmbios - ok
03:37:29.0393 6964 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:37:29.0418 6964 MSTEE - ok
03:37:29.0428 6964 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
03:37:29.0446 6964 MTConfig - ok
03:37:29.0460 6964 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:37:29.0468 6964 Mup - ok
03:37:29.0499 6964 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
03:37:29.0589 6964 napagent - ok
03:37:29.0612 6964 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:37:29.0638 6964 NativeWifiP - ok
03:37:29.0677 6964 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
03:37:29.0726 6964 NDIS - ok
03:37:29.0751 6964 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:37:29.0791 6964 NdisCap - ok
03:37:29.0809 6964 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:37:29.0842 6964 NdisTapi - ok
03:37:29.0862 6964 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:37:29.0897 6964 Ndisuio - ok
03:37:29.0915 6964 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:37:29.0941 6964 NdisWan - ok
03:37:29.0951 6964 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:37:29.0992 6964 NDProxy - ok
03:37:30.0004 6964 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:37:30.0028 6964 NetBIOS - ok
03:37:30.0042 6964 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:37:30.0082 6964 NetBT - ok
03:37:30.0101 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
03:37:30.0109 6964 Netlogon - ok
03:37:30.0139 6964 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
03:37:30.0228 6964 Netman - ok
03:37:30.0237 6964 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
03:37:30.0275 6964 netprofm - ok
03:37:30.0304 6964 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:37:30.0312 6964 NetTcpPortSharing - ok
03:37:30.0338 6964 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
03:37:30.0346 6964 nfrd960 - ok
03:37:30.0361 6964 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:37:30.0400 6964 NlaSvc - ok
03:37:30.0409 6964 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:37:30.0441 6964 Npfs - ok
03:37:30.0467 6964 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:37:30.0499 6964 nsi - ok
03:37:30.0506 6964 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:37:30.0548 6964 nsiproxy - ok
03:37:30.0610 6964 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:37:30.0659 6964 Ntfs - ok
03:37:30.0664 6964 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
03:37:30.0726 6964 Null - ok
03:37:30.0749 6964 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:37:30.0759 6964 nvraid - ok
03:37:30.0782 6964 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:37:30.0792 6964 nvstor - ok
03:37:30.0810 6964 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
03:37:30.0819 6964 nv_agp - ok
03:37:30.0837 6964 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
03:37:30.0874 6964 ohci1394 - ok
03:37:30.0932 6964 [ 2B8E4C792BED0E5882702720BC528AE5 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:37:30.0967 6964 ose - ok
03:37:31.0133 6964 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:37:31.0225 6964 osppsvc - ok
03:37:31.0248 6964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:37:31.0276 6964 p2pimsvc - ok
03:37:31.0302 6964 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:37:31.0316 6964 p2psvc - ok
03:37:31.0329 6964 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
03:37:31.0338 6964 Parport - ok
03:37:31.0354 6964 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:37:31.0362 6964 partmgr - ok
03:37:31.0373 6964 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:37:31.0398 6964 PcaSvc - ok
03:37:31.0414 6964 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
03:37:31.0425 6964 pci - ok
03:37:31.0433 6964 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
03:37:31.0441 6964 pciide - ok
03:37:31.0461 6964 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
03:37:31.0472 6964 pcmcia - ok
03:37:31.0484 6964 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:37:31.0493 6964 pcw - ok
03:37:31.0512 6964 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:37:31.0557 6964 PEAUTH - ok
03:37:31.0608 6964 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
03:37:31.0640 6964 PeerDistSvc - ok
03:37:31.0791 6964 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:37:31.0838 6964 PerfHost - ok
03:37:31.0883 6964 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
03:37:31.0936 6964 pla - ok
03:37:31.0982 6964 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:37:32.0049 6964 PlugPlay - ok
03:37:32.0075 6964 PnkBstrA - ok
03:37:32.0086 6964 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:37:32.0131 6964 PNRPAutoReg - ok
03:37:32.0167 6964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:37:32.0183 6964 PNRPsvc - ok
03:37:32.0217 6964 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:37:32.0268 6964 PolicyAgent - ok
03:37:32.0287 6964 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
03:37:32.0314 6964 Power - ok
03:37:32.0345 6964 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:37:32.0405 6964 PptpMiniport - ok
03:37:32.0428 6964 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
03:37:32.0461 6964 Processor - ok
03:37:32.0500 6964 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
03:37:32.0535 6964 ProfSvc - ok
03:37:32.0545 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:37:32.0558 6964 ProtectedStorage - ok
03:37:32.0563 6964 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:37:32.0618 6964 Psched - ok
03:37:32.0650 6964 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
03:37:32.0681 6964 ql2300 - ok
03:37:32.0696 6964 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
03:37:32.0705 6964 ql40xx - ok
03:37:32.0718 6964 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
03:37:32.0744 6964 QWAVE - ok
03:37:32.0758 6964 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:37:32.0786 6964 QWAVEdrv - ok
03:37:32.0805 6964 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:37:32.0840 6964 RasAcd - ok
03:37:32.0871 6964 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:37:32.0895 6964 RasAgileVpn - ok
03:37:32.0902 6964 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
03:37:32.0939 6964 RasAuto - ok
03:37:32.0953 6964 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:37:32.0989 6964 Rasl2tp - ok
03:37:33.0012 6964 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
03:37:33.0050 6964 RasMan - ok
03:37:33.0064 6964 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:37:33.0105 6964 RasPppoe - ok
03:37:33.0118 6964 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:37:33.0144 6964 RasSstp - ok
03:37:33.0166 6964 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:37:33.0202 6964 rdbss - ok
03:37:33.0217 6964 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
03:37:33.0227 6964 rdpbus - ok
03:37:33.0239 6964 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:37:33.0263 6964 RDPCDD - ok
03:37:33.0284 6964 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
03:37:33.0310 6964 RDPDR - ok
03:37:33.0335 6964 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:37:33.0369 6964 RDPENCDD - ok
03:37:33.0380 6964 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:37:33.0404 6964 RDPREFMP - ok
03:37:33.0430 6964 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:37:33.0460 6964 RDPWD - ok
03:37:33.0477 6964 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:37:33.0488 6964 rdyboost - ok
03:37:33.0522 6964 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:37:33.0607 6964 RemoteAccess - ok
03:37:33.0626 6964 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:37:33.0654 6964 RemoteRegistry - ok
03:37:33.0680 6964 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:37:33.0707 6964 RpcEptMapper - ok
03:37:33.0718 6964 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
03:37:33.0727 6964 RpcLocator - ok
03:37:33.0751 6964 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
03:37:33.0780 6964 RpcSs - ok
03:37:33.0794 6964 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:37:33.0825 6964 rspndr - ok
03:37:33.0880 6964 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:37:33.0919 6964 RTL8167 - ok
03:37:33.0942 6964 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
03:37:33.0995 6964 s3cap - ok
03:37:34.0016 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
03:37:34.0028 6964 SamSs - ok
03:37:34.0042 6964 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
03:37:34.0056 6964 sbp2port - ok
03:37:34.0076 6964 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:37:34.0185 6964 SCardSvr - ok
03:37:34.0201 6964 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:37:34.0242 6964 scfilter - ok
03:37:34.0283 6964 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
03:37:34.0338 6964 Schedule - ok
03:37:34.0363 6964 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
03:37:34.0389 6964 SCPolicySvc - ok
03:37:34.0403 6964 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:37:34.0450 6964 SDRSVC - ok
03:37:34.0472 6964 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:37:34.0539 6964 secdrv - ok
03:37:34.0550 6964 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
03:37:34.0588 6964 seclogon - ok
03:37:34.0604 6964 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
03:37:34.0636 6964 SENS - ok
03:37:34.0645 6964 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:37:34.0688 6964 SensrSvc - ok
03:37:34.0716 6964 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
03:37:34.0747 6964 Serenum - ok
03:37:34.0765 6964 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
03:37:34.0779 6964 Serial - ok
03:37:34.0790 6964 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
03:37:34.0802 6964 sermouse - ok
03:37:34.0828 6964 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
03:37:34.0871 6964 SessionEnv - ok
03:37:34.0884 6964 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
03:37:34.0905 6964 sffdisk - ok
03:37:34.0917 6964 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:37:34.0932 6964 sffp_mmc - ok
03:37:34.0948 6964 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
03:37:34.0964 6964 sffp_sd - ok
03:37:34.0980 6964 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
03:37:34.0988 6964 sfloppy - ok
03:37:35.0007 6964 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:37:35.0044 6964 SharedAccess - ok
03:37:35.0072 6964 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:37:35.0116 6964 ShellHWDetection - ok
03:37:35.0125 6964 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:37:35.0138 6964 SiSRaid2 - ok
03:37:35.0143 6964 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
03:37:35.0157 6964 SiSRaid4 - ok
03:37:35.0183 6964 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:37:35.0233 6964 Smb - ok
03:37:35.0255 6964 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:37:35.0265 6964 SNMPTRAP - ok
03:37:35.0280 6964 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:37:35.0287 6964 spldr - ok
03:37:35.0330 6964 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
03:37:35.0414 6964 Spooler - ok
03:37:35.0509 6964 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
03:37:35.0581 6964 sppsvc - ok
03:37:35.0611 6964 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:37:35.0638 6964 sppuinotify - ok
03:37:35.0670 6964 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
03:37:35.0718 6964 srv - ok
03:37:35.0755 6964 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:37:35.0800 6964 srv2 - ok
03:37:35.0819 6964 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:37:35.0833 6964 srvnet - ok
03:37:35.0862 6964 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:37:35.0918 6964 SSDPSRV - ok
03:37:35.0938 6964 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:37:35.0964 6964 SstpSvc - ok
03:37:35.0991 6964 Steam Client Service - ok
03:37:36.0020 6964 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
03:37:36.0047 6964 stexstor - ok
03:37:36.0101 6964 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
03:37:36.0157 6964 stisvc - ok
03:37:36.0181 6964 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
03:37:36.0194 6964 storflt - ok
03:37:36.0214 6964 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
03:37:36.0241 6964 StorSvc - ok
03:37:36.0251 6964 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
03:37:36.0264 6964 storvsc - ok
03:37:36.0276 6964 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:37:36.0285 6964 swenum - ok
03:37:36.0313 6964 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
03:37:36.0352 6964 swprv - ok
03:37:36.0390 6964 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
03:37:36.0425 6964 SysMain - ok
03:37:36.0443 6964 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:37:36.0493 6964 TabletInputService - ok
03:37:36.0511 6964 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
03:37:36.0572 6964 TapiSrv - ok
03:37:36.0598 6964 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
03:37:36.0624 6964 TBS - ok
03:37:36.0686 6964 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:37:36.0738 6964 Tcpip - ok
03:37:36.0773 6964 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
03:37:36.0801 6964 TCPIP6 - ok
03:37:36.0815 6964 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:37:36.0840 6964 tcpipreg - ok
03:37:36.0853 6964 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:37:36.0872 6964 TDPIPE - ok
03:37:36.0891 6964 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:37:36.0926 6964 TDTCP - ok
03:37:36.0950 6964 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:37:37.0021 6964 tdx - ok
03:37:37.0039 6964 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:37:37.0047 6964 TermDD - ok
03:37:37.0074 6964 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
03:37:37.0113 6964 TermService - ok
03:37:37.0130 6964 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
03:37:37.0171 6964 Themes - ok
03:37:37.0195 6964 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
03:37:37.0236 6964 THREADORDER - ok
03:37:37.0241 6964 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
03:37:37.0278 6964 TrkWks - ok
03:37:37.0324 6964 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:37:37.0346 6964 TrustedInstaller - ok
03:37:37.0360 6964 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:37:37.0408 6964 tssecsrv - ok
03:37:37.0437 6964 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:37:37.0485 6964 tunnel - ok
03:37:37.0496 6964 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
03:37:37.0504 6964 uagp35 - ok
03:37:37.0523 6964 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:37:37.0593 6964 udfs - ok
03:37:37.0613 6964 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:37:37.0652 6964 UI0Detect - ok
03:37:37.0676 6964 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
03:37:37.0689 6964 uliagpkx - ok
03:37:37.0709 6964 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:37:37.0732 6964 umbus - ok
03:37:37.0748 6964 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
03:37:37.0760 6964 UmPass - ok
03:37:37.0783 6964 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
03:37:37.0811 6964 UmRdpService - ok
03:37:37.0825 6964 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
03:37:37.0872 6964 upnphost - ok
03:37:37.0905 6964 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:37:37.0958 6964 usbccgp - ok
03:37:37.0978 6964 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
03:37:38.0008 6964 usbcir - ok
03:37:38.0021 6964 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
03:37:38.0033 6964 usbehci - ok
03:37:38.0057 6964 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
03:37:38.0068 6964 usbfilter - ok
03:37:38.0086 6964 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:37:38.0112 6964 usbhub - ok
03:37:38.0126 6964 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
03:37:38.0138 6964 usbohci - ok
03:37:38.0151 6964 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
03:37:38.0167 6964 usbprint - ok
03:37:38.0181 6964 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:37:38.0218 6964 USBSTOR - ok
03:37:38.0236 6964 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
03:37:38.0261 6964 usbuhci - ok
03:37:38.0281 6964 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
03:37:38.0322 6964 UxSms - ok
03:37:38.0329 6964 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
03:37:38.0342 6964 VaultSvc - ok
03:37:38.0353 6964 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
03:37:38.0366 6964 vdrvroot - ok
03:37:38.0395 6964 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
03:37:38.0434 6964 vds - ok
03:37:38.0444 6964 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:37:38.0459 6964 vga - ok
03:37:38.0471 6964 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
03:37:38.0527 6964 VgaSave - ok
03:37:38.0546 6964 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
03:37:38.0557 6964 vhdmp - ok
03:37:38.0573 6964 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
03:37:38.0580 6964 viaide - ok
03:37:38.0613 6964 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
03:37:38.0624 6964 vmbus - ok
03:37:38.0633 6964 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
03:37:38.0647 6964 VMBusHID - ok
03:37:38.0663 6964 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
03:37:38.0671 6964 volmgr - ok
03:37:38.0688 6964 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:37:38.0701 6964 volmgrx - ok
03:37:38.0734 6964 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
03:37:38.0761 6964 volsnap - ok
03:37:38.0782 6964 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
03:37:38.0797 6964 vsmraid - ok
03:37:38.0830 6964 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
03:37:38.0871 6964 VSS - ok
03:37:38.0888 6964 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
03:37:38.0897 6964 vwifibus - ok
03:37:38.0910 6964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
03:37:38.0940 6964 W32Time - ok
03:37:38.0953 6964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
03:37:38.0976 6964 WacomPen - ok
03:37:39.0018 6964 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
03:37:39.0086 6964 WANARP - ok
03:37:39.0090 6964 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:37:39.0121 6964 Wanarpv6 - ok
03:37:39.0182 6964 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
03:37:39.0236 6964 WatAdminSvc - ok
03:37:39.0259 6964 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
03:37:39.0326 6964 wbengine - ok
03:37:39.0386 6964 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
03:37:39.0461 6964 WbioSrvc - ok
03:37:39.0559 6964 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:37:39.0712 6964 wcncsvc - ok
03:37:39.0737 6964 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:37:39.0784 6964 WcsPlugInService - ok
03:37:39.0797 6964 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
03:37:39.0822 6964 Wd - ok
03:37:39.0850 6964 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:37:39.0882 6964 Wdf01000 - ok
03:37:39.0892 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:37:39.0946 6964 WdiServiceHost - ok
03:37:39.0949 6964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:37:39.0969 6964 WdiSystemHost - ok
03:37:40.0004 6964 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
03:37:40.0081 6964 WebClient - ok
03:37:40.0102 6964 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:37:40.0189 6964 Wecsvc - ok
03:37:40.0210 6964 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:37:40.0258 6964 wercplsupport - ok
03:37:40.0278 6964 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
03:37:40.0326 6964 WerSvc - ok
03:37:40.0356 6964 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
03:37:40.0380 6964 WfpLwf - ok
03:37:40.0397 6964 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
03:37:40.0405 6964 WIMMount - ok
03:37:40.0442 6964 WinDefend - ok
03:37:40.0445 6964 WinHttpAutoProxySvc - ok
03:37:40.0530 6964 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:37:40.0602 6964 Winmgmt - ok
03:37:40.0662 6964 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
03:37:40.0731 6964 WinRM - ok
03:37:40.0779 6964 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
03:37:40.0809 6964 WinUsb - ok
03:37:40.0844 6964 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
03:37:40.0890 6964 Wlansvc - ok
03:37:40.0899 6964 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
03:37:40.0926 6964 WmiAcpi - ok
03:37:40.0951 6964 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:37:40.0980 6964 wmiApSrv - ok
03:37:40.0997 6964 WMPNetworkSvc - ok
03:37:41.0014 6964 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:37:41.0044 6964 WPCSvc - ok
03:37:41.0056 6964 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:37:41.0099 6964 WPDBusEnum - ok
03:37:41.0103 6964 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:37:41.0148 6964 ws2ifsl - ok
03:37:41.0178 6964 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
03:37:41.0212 6964 wscsvc - ok
03:37:41.0220 6964 WSearch - ok
03:37:41.0288 6964 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
03:37:41.0341 6964 wuauserv - ok
03:37:41.0356 6964 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
03:37:41.0372 6964 WudfPf - ok
03:37:41.0404 6964 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:37:41.0435 6964 WUDFRd - ok
03:37:41.0457 6964 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:37:41.0472 6964 wudfsvc - ok
03:37:41.0500 6964 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
03:37:41.0523 6964 WwanSvc - ok
03:37:41.0551 6964 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
03:37:41.0593 6964 xusb21 - ok
03:37:41.0619 6964 ================ Scan global ===============================
03:37:41.0643 6964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
03:37:41.0664 6964 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
03:37:41.0682 6964 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
03:37:41.0710 6964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
03:37:41.0756 6964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
03:37:41.0766 6964 [Global] - ok
03:37:41.0767 6964 ================ Scan MBR ==================================
03:37:41.0782 6964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
03:37:42.0401 6964 \Device\Harddisk0\DR0 - ok
03:37:42.0402 6964 ================ Scan VBR ==================================
03:37:42.0407 6964 [ 07AB18EFFC61F18C8D267AE1C5C15E28 ] \Device\Harddisk0\DR0\Partition1
03:37:42.0411 6964 \Device\Harddisk0\DR0\Partition1 - ok
03:37:42.0446 6964 [ 42BABEBACE388762D844D6945D257901 ] \Device\Harddisk0\DR0\Partition2
03:37:42.0450 6964 \Device\Harddisk0\DR0\Partition2 - ok
03:37:42.0452 6964 ============================================================
03:37:42.0452 6964 Scan finished
03:37:42.0452 6964 ============================================================
03:37:42.0475 8272 Detected object count: 1
03:37:42.0475 8272 Actual detected object count: 1
03:38:05.0280 8272 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:38:05.0280 8272 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
02.03.2013, 12:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf! JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Überall taucht Werbung auf! |
|
02.03.2013, 13:40
| #7 |
| | Überall taucht Werbung auf! so problem ist weiterhinn da hab jetzt auch mal ein pic gemacht wie es mit der werbeanzeige in fb aussieht bei wunsch hänge ich es gern an oder lade es hoch JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Professional x64
Ran by Wango90 on 02.03.2013 at 12:56:36,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at 13:01:23,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 02/03/2013 um 13:25:37 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzer : Wango90 - WANGO90-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wango90\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\jetpack
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0 (de)
Datei : C:\Users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [5516 octets] - [28/02/2013 21:31:15]
AdwCleaner[S2].txt - [879 octets] - [02/03/2013 13:25:37]
########## EOF - C:\AdwCleaner[S2].txt - [938 octets] ##########
Code:
ATTFilter OTL logfile created on: 02.03.2013 13:31:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wango90\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,44% Memory free 7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1388,77 Gb Total Space | 1225,41 Gb Free Space | 88,24% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Wango90\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01 [binary data] IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions [2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions [2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi [2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi [2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Akamai NetSession Interface] "C:\Users\Wango90\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.02 12:52:41 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe [2013.03.02 03:35:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe [2013.03.02 03:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe [2013.03.02 03:03:05 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\mbar [2013.03.01 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Malwarebytes [2013.03.01 16:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 16:32:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 16:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Programs [2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 22:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.28 22:20:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.28 22:13:58 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS [2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal [2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt [2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR [2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc [2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4) [2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza [2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza [2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza [2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire [2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5 [2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com [2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2) [2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES ========== Files - Modified Within 30 Days ========== [2013.03.02 13:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 13:29:15 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 13:24:43 | 000,594,019 | ---- | M] () -- C:\Users\Wango90\Desktop\adwcleaner.exe [2013.03.02 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.02 12:52:42 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe [2013.03.02 03:35:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe [2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat [2013.03.02 03:18:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe [2013.03.01 17:02:13 | 000,000,914 | ---- | M] () -- C:\Users\Wango90\Desktop\kkk.csv [2013.03.01 16:32:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 13:29:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.01 13:29:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.01 13:29:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.01 13:29:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.01 13:29:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.01 12:32:40 | 000,000,168 | ---- | M] () -- C:\Users\Wango90\defogger_reenable [2013.03.01 12:32:25 | 000,050,477 | ---- | M] () -- C:\Users\Wango90\Desktop\Defogger.exe [2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.28 22:14:04 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013.03.02 13:24:42 | 000,594,019 | ---- | C] () -- C:\Users\Wango90\Desktop\adwcleaner.exe [2013.03.02 03:31:54 | 000,000,512 | ---- | C] () -- C:\Users\Wango90\Desktop\MBR.dat [2013.03.01 17:02:13 | 000,000,914 | ---- | C] () -- C:\Users\Wango90\Desktop\kkk.csv [2013.03.01 16:32:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 12:32:40 | 000,000,168 | ---- | C] () -- C:\Users\Wango90\defogger_reenable [2013.03.01 12:32:24 | 000,050,477 | ---- | C] () -- C:\Users\Wango90\Desktop\Defogger.exe [2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds [2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds [2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.03.2013 13:31:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wango90\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,44% Memory free
7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1225,41 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CE3D965F-1E25-4D47-AFBE-7A90565C3B58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CD3864-1F26-4D62-8BD0-F63BFCCB08C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0AE888FC-957F-46CC-B92C-ABB3191D7137}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0DF4ACF9-2463-4397-B3FD-1EDD00E46223}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{13BF4763-F92B-4845-BE7E-C5DE42A0D19E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{173C40E6-D43C-48E9-BCE5-5F8AB7CE98F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{1A0B68CC-042C-41E9-8F84-8F82D733618E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{23646371-714B-4CF5-B3C9-43A0BCEE86EF}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{23D5FCB8-447A-4A6B-86A0-DEE6DF9B4485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{248DB0B8-F428-4D2A-B889-833EC3348D57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{27234DBF-1C2A-4048-AD86-A41E6ABE2B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2B5C9793-C0EC-46ED-BA2F-545F9259FB54}" = protocol=6 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe |
"{2F984ACB-C539-4245-A952-7C13531A782A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe |
"{33D68D35-15BB-404C-AAD6-498A4D0B6AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"{3D8C6A59-EA1B-4AA9-B32A-5BE3B2B90152}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{45BF5F2D-17F3-474C-92D6-B58F998E4160}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{4BA22568-9A13-433E-A05C-07786ACB36FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4F94FF05-897F-45E1-B14B-506D18C0882F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{52728B53-FC91-4DE8-8CC5-D15C4A265B29}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{5D464D61-35F6-4116-AF90-191A16612CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{60856B82-5902-4512-BB7A-65DB9FD309D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{65ED4986-291D-4183-9E4C-8B0438A26F78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6AC379CF-7EC1-4EC8-A698-31FC6F0CD156}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{73B06A35-3B1E-406C-B3CF-02A84525F5A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{74350D88-16C2-460B-A2A1-4F0622ED4789}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{74BA5AEB-7CFC-4BC4-8663-7E185CA042A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{7B33B8FD-4268-45CA-B836-F8BEA1CCCD05}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe |
"{7BDA9AED-2217-4EAA-8FA1-0E839960E540}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{8A3164CC-7AC1-4BFA-B70C-D96FD2430818}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{8E8BF489-06D0-4990-BD77-553200DBEEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{8EF8EE83-AB78-4A3F-B82F-BD9FBEBA8F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A0AF8C91-E2C9-4A7C-B136-5390868221AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A1FE7794-9E33-4EED-9405-E13854F8E268}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{C8F1A035-EE5A-4B73-A9C5-8F892357710B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{D73F21D7-B7A6-4293-B1FE-AB72F3826476}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{DC303069-7D0A-47A6-97F2-32E55C4FCF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{E6AE3CC4-DDFF-4BBD-8306-780EA465DA42}" = protocol=17 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe |
"{EF7DEDC6-D784-408A-8DC7-8EC5E61A78BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FD6EB6D2-4AEB-46AB-9C09-09C90E94D884}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{075A59ED-600F-4F26-9065-35AC5797E3C4}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{19314820-EC5B-4078-9986-F86C9BA8CD4D}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe |
"TCP Query User{2320CBB0-E27F-4D01-9B53-7421EE6E62AB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{6BF4660E-7741-48CC-AA74-B1E56B129C98}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{ACA4FDC6-23CD-45DF-B258-F0841D65DB53}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BB9BA315-FE56-46B7-B401-EB7AA77B37F6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe |
"TCP Query User{DCE7D546-AB65-4B28-866E-917EA8C0195B}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{048D149B-0377-47C3-B43A-0FF06A75C683}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{2A04A0F4-0ED0-43B7-A523-3338B8CCEE66}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{7A2AB41B-D70C-42E2-82D9-AEA77A7BC73C}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe |
"UDP Query User{9CC25FBC-E637-4411-A698-473A6143E705}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe |
"UDP Query User{A964C138-E72E-4879-A65E-8ABA25C3D8C6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe |
"UDP Query User{B3DB4DE3-0875-440F-9278-F7CB29BCFF3D}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B7B0C93B-4F82-4D3D-BCEE-799E62604BB8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.5.0
"Steam App 43110" = Metro 2033
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"Wildlife Park 2 - Dino World_is1" = Wildlife Park 2 - Dino World v2.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.03.2013 08:29:24 | Computer Name = Wango90-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
[ System Events ]
Error - 02.03.2013 08:29:21 | Computer Name = Wango90-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 02.03.2013 08:29:23 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 02.03.2013 08:29:35 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
|
|
02.03.2013, 13:45
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf! Dann bitte jetzt CF ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.03.2013, 13:54
| #9 |
| | Überall taucht Werbung auf! ComboFix: Code:
ATTFilter ComboFix 13-03-01.01 - Wango90 02.03.2013 13:48:38.3.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4092.2777 [GMT 1:00]
ausgeführt von:: c:\users\Wango90\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 ))))))))))))))))))))))))))))))
.
.
2013-03-02 12:51 . 2013-03-02 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-01 15:32 . 2013-03-01 15:32 -------- d-----w- c:\users\Wango90\AppData\Roaming\Malwarebytes
2013-03-01 15:32 . 2013-03-01 15:32 -------- d-----w- c:\programdata\Malwarebytes
2013-03-01 15:32 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-01 15:32 . 2013-03-01 15:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-01 15:32 . 2013-03-01 15:32 -------- d-----w- c:\users\Wango90\AppData\Local\Programs
2013-02-28 20:48 . 2013-02-28 20:48 -------- d-----w- c:\windows\ERUNT
2013-02-28 20:47 . 2013-03-02 11:56 -------- d-----w- C:\JRT
2013-02-27 15:50 . 2013-02-27 15:50 -------- d-----w- c:\programdata\FLEXnet
2013-02-27 15:49 . 2013-02-27 15:49 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-02-27 15:24 . 2013-02-27 15:24 -------- d-----w- c:\program files (x86)\UltraISO
2013-02-27 15:24 . 2013-02-27 15:24 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2013-02-26 11:51 . 2013-02-26 11:51 -------- d-----w- c:\programdata\OUTLAWS
2013-02-23 12:57 . 2013-02-28 21:37 -------- d-----w- C:\Webzen
2013-02-22 21:07 . 2013-02-23 00:07 -------- d-----w- C:\NetmarbleGlobal
2013-02-22 20:56 . 2013-02-28 21:55 -------- d-----w- c:\program files (x86)\Pando Networks
2013-02-22 20:55 . 2013-02-22 20:55 -------- d-----w- c:\users\Wango90\.swt
2013-02-22 02:17 . 2013-02-22 23:42 -------- d-----w- c:\programdata\eMule
2013-02-22 01:53 . 2013-02-25 10:36 -------- d-----w- c:\users\Wango90\AppData\Roaming\vlc
2013-02-22 01:52 . 2013-02-22 01:52 -------- d-----w- c:\program files\VideoLAN
2013-02-22 01:27 . 2013-02-22 01:27 -------- d-----w- c:\users\Wango90\AppData\Local\Shareaza
2013-02-22 01:27 . 2013-02-28 21:46 -------- d-----w- c:\users\Wango90\AppData\Roaming\Shareaza
2013-02-22 01:27 . 2013-02-28 21:46 -------- d-----w- c:\program files (x86)\Shareaza
2013-02-22 01:15 . 2013-02-22 01:16 -------- d-----w- c:\users\Wango90\FrostWire
2013-02-22 01:14 . 2013-02-22 01:23 -------- d-----w- c:\users\Wango90\.frostwire5
2013-02-16 19:36 . 2013-02-16 19:36 -------- d-----w- c:\windows\system32\appmgmt
2013-02-16 17:30 . 2013-02-18 09:29 -------- d-----w- c:\program files (x86)\ATDheNetTVApp.com
2013-02-14 02:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:38 . 2013-01-05 05:57 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 22:08 . 2012-11-20 18:40 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 22:08 . 2012-11-20 18:40 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 15:49 . 2012-11-20 22:52 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-22 15:49 . 2012-11-20 22:51 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-22 12:15 . 2012-11-20 22:51 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-04 04:43 . 2013-02-13 10:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-20 12:15 . 2009-07-13 23:56 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-12-16 16:52 . 2012-12-22 02:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 02:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-06 16:45 . 2012-11-20 22:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-11-20 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-11-20 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-20 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-20 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:47 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:47 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:47 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\
FF - ExtSQL: 2013-01-19 16:35; torntv@torntv.com; c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2013-02-16 18:30; freehdsport@freehdsport.tv; c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Wango90\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-02 13:52:57
ComboFix-quarantined-files.txt 2013-03-02 12:52
ComboFix2.txt 2013-02-28 21:20
ComboFix3.txt 2013-02-28 21:10
.
Vor Suchlauf: 16 Verzeichnis(se), 1.315.753.107.456 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1.315.900.260.352 Bytes frei
.
- - End Of File - - 6CA878B0B5555A9E45E72E8D6C5707FE
|
|
03.03.2013, 17:29
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf!Code:
ATTFilter 2013-02-22 02:17 . 2013-02-22 23:42 d-----w- c:\programdata\eMule
2013-02-22 01:27 . 2013-02-28 21:46 d-----w- c:\program files (x86)\Shareaza
2013-02-22 01:15 . 2013-02-22 01:16 d-----w- c:\users\Wango90\FrostWire
 Dir sind die Gefahren des Filesharings bekannt? Was alles lädst du damit eigentlich?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.03.2013, 20:33
| #11 |
| | Überall taucht Werbung auf! die programme sind eigentlich schon deinstalliert hatte ich mir mal einfach so runtergeladen da die vom kumpel empfohlen wurden frostwire und emule hab ich auch nicht benutzt nur einmal shareeza aber auch nur für ca 2 std ansonsten wars das schon dass hatte ich auch um sogesehen eine größere datei vom kumpel zu empfangen da es mit rapidshare (ohne premium acc) zu lange dauern würde.. deswegen wunder ich mich auch dass die eigentlich noch da aufgelistet werden ich hab auch kein problem wenn du mit teamviewer dir selber einen blick verschaffen würdest |
|
03.03.2013, 20:47
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf! Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.03.2013, 21:12
| #13 |
| | Überall taucht Werbung auf! OTL ist fertig im übrigen krieg ich keine werbungen mehr weder im forum noch in fb noch in youtube oder woanders nur bin ich nicht sicher ob das komplett bereinigt wurde. Code:
ATTFilter OTL logfile created on: 03.03.2013 21:05:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wango90\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,21% Memory free 7,99 Gb Paging File | 5,61 Gb Available in Paging File | 70,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1388,77 Gb Total Space | 1224,49 Gb Free Space | 88,17% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Wango90\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\SDL.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01 [binary data] IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions [2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions [2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi [2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi [2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.02 13:52:58 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.02 12:52:41 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe [2013.03.02 03:35:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe [2013.03.02 03:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe [2013.03.02 03:03:05 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\mbar [2013.03.01 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Malwarebytes [2013.03.01 16:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.01 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 16:32:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.01 16:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.01 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Programs [2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 22:13:58 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files [2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS [2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal [2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal [2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt [2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR [2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc [2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4) [2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza [2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza [2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza [2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire [2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5 [2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com [2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2) [2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES ========== Files - Modified Within 30 Days ========== [2013.03.03 21:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.03 20:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 13:47:18 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe [2013.03.02 13:35:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.02 13:35:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.02 13:35:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.02 13:35:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.02 13:35:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.02 13:29:15 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 13:24:43 | 000,594,019 | ---- | M] () -- C:\Users\Wango90\Desktop\adwcleaner.exe [2013.03.02 12:52:42 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe [2013.03.02 03:35:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe [2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat [2013.03.02 03:18:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe [2013.03.01 17:02:13 | 000,000,914 | ---- | M] () -- C:\Users\Wango90\Desktop\kkk.csv [2013.03.01 16:32:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 12:32:40 | 000,000,168 | ---- | M] () -- C:\Users\Wango90\defogger_reenable [2013.03.01 12:32:25 | 000,050,477 | ---- | M] () -- C:\Users\Wango90\Desktop\Defogger.exe [2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe [2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013.03.02 13:24:42 | 000,594,019 | ---- | C] () -- C:\Users\Wango90\Desktop\adwcleaner.exe [2013.03.02 03:31:54 | 000,000,512 | ---- | C] () -- C:\Users\Wango90\Desktop\MBR.dat [2013.03.01 17:02:13 | 000,000,914 | ---- | C] () -- C:\Users\Wango90\Desktop\kkk.csv [2013.03.01 16:32:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 12:32:40 | 000,000,168 | ---- | C] () -- C:\Users\Wango90\defogger_reenable [2013.03.01 12:32:24 | 000,050,477 | ---- | C] () -- C:\Users\Wango90\Desktop\Defogger.exe [2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg [2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF [2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds [2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds [2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID < End of report > |
|
03.03.2013, 21:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Überall taucht Werbung auf!Fixen mit OTL
Code:
ATTFilter :OTL
@Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID
[2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.03.2013, 21:48
| #15 |
| | Überall taucht Werbung auf! FIX ist fertig. Falls der ganze vorgang mit dem bereinigen fertig ist hätte ich zum abschuluss noch zwei fragen bezüglich den prefetch und den temp ordnern wenn es hier reingehört Code:
ATTFilter All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\Wango90\Downloads:Shareaza.GUID .
C:\Users\Wango90\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Wango90\Desktop\cmd.bat deleted successfully.
C:\Users\Wango90\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Wango90
->Temp folder emptied: 432 bytes
->Temporary Internet Files folder emptied: 1666979446 bytes
->FireFox cache emptied: 419016539 bytes
->Flash cache emptied: 24636 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.989,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_213817
Files\Folders moved on Reboot...
C:\Users\Wango90\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
| Themen zu Überall taucht Werbung auf! |
| 4d36e972-e325-11ce-bfc1-08002be10318, adchoices, adobe, adobe flash player, adobe reader xi, akamai, autorun, avg, bho, explorer, fehler, firefox, flash player, format, helper, helper.exe, iexplore.exe, install.exe, mozilla, nodrives, problem, programme, realtek, registry, rundll, scan, svchost.exe, udp, viren, visual studio, werbung, windows, wrapper |
WARNUNG an die MITLESER: 
Textbox. 
