
Log analysis and evaluation: Logs after a Trojan.Zbot.ED detection

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
13.05.2013, 12:18   #1
pikbutan
 



First of all, good day and a little hello from Duisburg.



After this detection (Trojan.Zbot.ED) by Malwarebytes, OTL and ESET produced the following log files: (I ran both, going by a cleanup that has almost faded from my memory, so that I can save you the first steps if needed.)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Butan :: BUTAN-PC [Administrator]

13.05.2013 09:09:53
mbam-log-2013-05-13 (09-09-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 440579
Laufzeit: 47 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Butan\AppData\Local\Temp\RKNwgKPd.exe.part (Trojan.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5f38b470e030874283bcaab929a352ad
# engine=13815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-13 10:03:12
# local_time=2013-05-13 12:03:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 219558 120069242 0 0
# scanned=225501
# found=3
# cleaned=0
# scan_time=4553
sh=25E8BB9B7CCF3F9200AFC5993B5D06A9F8EE9F09 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Butan\AppData\Local\Mozilla\Firefox\Profiles\v8da55w8.default\Cache\2\01\ADF21d01"
sh=99145DF415F7229B20CEA86706225A5D1C57A882 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\msconfig.lnk.Startup"
sh=2C92C8390F3E7252F3E1397234678D4D3AF17838 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\04242013_001423\C_Users\Butan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4b0bc32-5cc9a4cf"
         

OTL Logfile:
Code:
OTL logfile created on: 13.05.2013 12:26:05 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Butan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 72,05% Memory free
15,93 Gb Paging File | 13,83 Gb Available in Paging File | 86,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 256,74 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 21,85 Gb Free Space | 43,70% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 26,75 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
 
Computer Name: BUTAN-PC | User Name: Butan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 12:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butan\Desktop\OTL.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.20 10:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.01.20 10:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.01.20 10:35:08 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.30 06:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.30 06:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 04:23:07 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 04:23:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.13 21:43:30 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.01.13 21:43:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.01.13 21:33:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.13 21:33:06 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.13 21:32:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.13 21:32:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.13 21:32:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.13 21:32:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.13 21:32:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.04 16:08:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.20 10:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.01.20 10:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.01.20 10:35:08 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.11.30 06:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.22 09:16:56 | 000,019,968 | ---- | M] (Intel Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB.sys -- (FlashUSB)
DRV:64bit: - [2013.02.20 16:40:30 | 000,043,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.30 05:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.09 16:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.29 18:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.07.16 02:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3712_3&babsrc=SP_ss&mntrId=204c3cc00000000000008c89a5c3ccb5
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes\{4A9B229A-D5A6-487D-B451-F20392AC2F61}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-2115282909-3215999341-1564346366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 01:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 01:10:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.14 04:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butan\AppData\Roaming\mozilla\Extensions
[2013.04.24 00:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butan\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.05.06 12:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butan\AppData\Roaming\mozilla\Firefox\Profiles\v8da55w8.default\extensions
[2013.05.05 13:45:27 | 000,242,384 | ---- | M] () (No name found) -- C:\Users\Butan\AppData\Roaming\mozilla\firefox\profiles\v8da55w8.default\extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi
[2013.04.13 01:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 01:10:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.17 17:21:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 00:36:06 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.17 17:21:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.17 17:21:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.17 17:21:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.17 17:21:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.17 17:21:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A04CCCFE-AC16-4F6B-90A9-4A424694D442}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 07:18:02 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 10:22:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.11 07:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.11 07:43:56 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.11 07:43:56 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.11 07:43:23 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.11 07:43:23 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.11 07:43:23 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.11 07:43:23 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.11 07:43:23 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.11 07:43:23 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.11 07:43:23 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.05.11 07:43:23 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.05.11 07:43:23 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.11 07:43:23 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.11 07:43:23 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.11 07:43:22 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.11 07:43:22 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.11 07:43:22 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.11 07:43:22 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.11 07:43:22 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.11 07:43:22 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.11 07:43:22 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.11 07:43:22 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.11 07:43:22 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.11 07:41:13 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.05.11 07:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.05.11 07:29:39 | 006,398,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.11 07:29:39 | 003,477,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.11 07:29:39 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.11 07:29:39 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.11 07:29:39 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.11 07:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.11 07:26:13 | 000,000,000 | ---D | C] -- C:\Users\Butan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2013.05.11 07:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2013.05.11 07:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro
[2013.05.10 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.10 22:54:21 | 000,000,000 | ---D | C] -- C:\Users\Butan\AppData\Roaming\Canneverbe Limited
[2013.05.10 22:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.05.10 22:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013.05.10 22:53:37 | 005,261,912 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Butan\Desktop\cdbxp_setup_4.5.1.4003.exe
[2013.05.06 05:28:58 | 000,000,000 | ---D | C] -- C:\Users\Butan\Desktop\Hip Hop
[2013.05.05 15:03:12 | 000,000,000 | ---D | C] -- C:\Downloads
[2013.05.05 05:37:47 | 222,141,776 | ---- | C] (NVIDIA Corporation) -- C:\Users\Butan\Desktop\314.22-desktop-win8-win7-winvista-64bit-international-whql.exe
[2013.05.04 14:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.30 03:06:51 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.30 03:06:51 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.30 03:06:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.30 03:06:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.30 03:06:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.30 03:06:51 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.30 03:06:51 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.30 03:06:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.30 03:06:51 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.30 03:06:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.30 03:06:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.30 03:06:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.30 03:06:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.30 03:06:51 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.30 03:06:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.30 03:06:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.30 03:06:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.30 03:06:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.30 03:06:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.30 03:06:51 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.30 03:06:51 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.30 03:06:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.30 03:06:51 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.30 03:06:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.30 03:06:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.30 03:06:51 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.30 03:06:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.30 03:06:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.30 03:06:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.30 03:06:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.30 03:06:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.30 03:06:51 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.30 03:06:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.30 03:06:51 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.30 03:06:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.30 03:06:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.30 03:06:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.30 03:06:51 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.30 03:06:51 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.30 03:06:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.30 03:06:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.30 03:06:51 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.30 03:06:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.30 03:06:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.30 03:06:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.30 03:06:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.30 03:06:51 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.30 03:06:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.30 03:06:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.30 03:06:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.30 03:06:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.30 03:06:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.30 03:06:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.30 03:06:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.30 03:06:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.30 03:06:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.30 03:06:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.30 03:06:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.30 03:06:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.30 03:06:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.30 03:06:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.30 03:06:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.30 03:06:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.30 03:06:51 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.30 03:06:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.30 03:06:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.30 03:06:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.30 03:06:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.24 02:46:55 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Butan\Desktop\esetsmartinstaller_enu.exe
[2013.04.24 02:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.24 02:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.24 00:24:24 | 000,000,000 | ---D | C] -- C:\Users\Butan\AppData\Local\Temp
[2013.04.24 00:16:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.24 00:14:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.23 22:35:27 | 000,000,000 | ---D | C] -- C:\Users\Butan\Desktop\Neuer Ordner (2)
[2013.04.23 21:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.23 21:50:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.23 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.23 21:44:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Butan\Desktop\OTL.exe
[2013.04.23 21:44:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.04.23 10:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.04.23 10:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.04.23 10:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.04.22 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Butan\Desktop\Neuer Ordner
[2013.04.19 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.15 15:46:49 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.15 15:46:49 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.15 15:46:45 | 000,019,968 | ---- | C] (Intel Mobile Communications) -- C:\Windows\SysNative\drivers\FlashUSB.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 12:19:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butan\Desktop\OTL.exe
[2013.05.13 12:10:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 12:10:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 11:47:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 10:43:56 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Butan\Desktop\esetsmartinstaller_enu.exe
[2013.05.13 10:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 10:30:10 | 2121,445,375 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 10:17:31 | 000,619,461 | ---- | M] () -- C:\Users\Butan\Desktop\adwcleaner-2.2.0.2.exe
[2013.05.13 09:53:08 | 000,000,017 | ---- | M] () -- C:\Users\Butan\AppData\Local\resmon.resmoncfg
[2013.05.11 07:36:45 | 000,013,762 | ---- | M] () -- C:\Users\Butan\Documents\cc_20130511_073642.reg
[2013.05.11 07:26:13 | 000,001,983 | ---- | M] () -- C:\Users\Butan\Desktop\Driver Cleaner Pro.lnk
[2013.05.11 07:20:06 | 002,817,354 | ---- | M] () -- C:\Users\Butan\Desktop\DCProSetup_15.zip
[2013.05.10 22:54:17 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.05.10 22:53:45 | 005,261,912 | ---- | M] (Canneverbe Limited                                          ) -- C:\Users\Butan\Desktop\cdbxp_setup_4.5.1.4003.exe
[2013.05.05 05:42:03 | 222,141,776 | ---- | M] (NVIDIA Corporation) -- C:\Users\Butan\Desktop\314.22-desktop-win8-win7-winvista-64bit-international-whql.exe
[2013.05.04 16:08:50 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.04 16:08:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.04 14:24:48 | 000,000,944 | ---- | M] () -- C:\Users\Butan\Documents\cc_20130504_142446.reg
[2013.05.04 14:24:39 | 000,055,688 | ---- | M] () -- C:\Users\Butan\Documents\cc_20130504_142436.reg
[2013.05.04 14:24:03 | 000,159,412 | ---- | M] () -- C:\Users\Butan\Documents\cc_20130504_142400.reg
[2013.05.04 14:21:33 | 000,003,774 | ---- | M] () -- C:\Users\Butan\Documents\cc_20130504_142130.reg
[2013.05.04 14:18:35 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 14:18:35 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 14:18:35 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 14:18:35 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 14:18:35 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.30 03:06:51 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.30 03:06:51 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.30 03:06:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.30 03:06:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.30 03:06:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.30 03:06:51 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.30 03:06:51 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.30 03:06:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.30 03:06:51 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.30 03:06:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.30 03:06:51 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.30 03:06:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.30 03:06:51 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.30 03:06:51 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.30 03:06:51 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.30 03:06:51 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.30 03:06:51 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.30 03:06:51 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.30 03:06:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.30 03:06:51 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.30 03:06:51 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.30 03:06:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.30 03:06:51 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.30 03:06:51 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.30 03:06:51 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.30 03:06:51 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.30 03:06:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.30 03:06:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.30 03:06:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.30 03:06:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.30 03:06:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.30 03:06:51 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.30 03:06:51 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.30 03:06:51 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.30 03:06:51 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.30 03:06:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.30 03:06:51 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.30 03:06:51 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.30 03:06:51 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.30 03:06:51 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.30 03:06:51 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.30 03:06:51 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.30 03:06:51 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.30 03:06:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.30 03:06:51 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.30 03:06:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.30 03:06:51 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.30 03:06:51 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.30 03:06:51 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.30 03:06:51 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.30 03:06:51 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.30 03:06:51 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.30 03:06:51 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.30 03:06:51 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.30 03:06:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.30 03:06:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.30 03:06:51 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.30 03:06:51 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.30 03:06:51 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.30 03:06:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.30 03:06:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.30 03:06:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.30 03:06:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.30 03:06:51 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.30 03:06:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:06:51 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.30 03:06:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.30 03:06:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.30 03:06:51 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.30 03:06:51 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.24 02:46:15 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.23 21:50:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.23 21:49:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Butan\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.14 03:25:11 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 10:17:13 | 000,619,461 | ---- | C] () -- C:\Users\Butan\Desktop\adwcleaner-2.2.0.2.exe
[2013.05.13 09:53:08 | 000,000,017 | ---- | C] () -- C:\Users\Butan\AppData\Local\resmon.resmoncfg
[2013.05.11 07:29:39 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.11 07:26:13 | 000,001,983 | ---- | C] () -- C:\Users\Butan\Desktop\Driver Cleaner Pro.lnk
[2013.05.11 07:25:54 | 002,831,178 | ---- | C] () -- C:\Users\Butan\Desktop\DCProSetup.exe
[2013.05.11 07:20:02 | 002,817,354 | ---- | C] () -- C:\Users\Butan\Desktop\DCProSetup_15.zip
[2013.05.10 22:54:17 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.05.10 22:54:17 | 000,001,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.05.04 14:24:47 | 000,000,944 | ---- | C] () -- C:\Users\Butan\Documents\cc_20130504_142446.reg
[2013.05.04 14:24:37 | 000,055,688 | ---- | C] () -- C:\Users\Butan\Documents\cc_20130504_142436.reg
[2013.05.04 14:24:01 | 000,159,412 | ---- | C] () -- C:\Users\Butan\Documents\cc_20130504_142400.reg
[2013.05.04 14:21:31 | 000,003,774 | ---- | C] () -- C:\Users\Butan\Documents\cc_20130504_142130.reg
[2013.04.30 03:06:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:06:51 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.24 02:46:15 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.23 21:50:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 18:18:55 | 000,000,244 | ---- | C] () -- C:\Users\Butan\.swfinfo
[2013.03.25 11:17:26 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.16 13:30:22 | 000,010,240 | ---- | C] () -- C:\Users\Butan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.12 23:00:30 | 000,017,408 | ---- | C] () -- C:\Users\Butan\AppData\Local\WebpageIcons.db
[2012.01.11 06:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.13 00:36:01 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\Babylon
[2013.05.10 22:54:21 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\Canneverbe Limited
[2013.03.14 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\IrfanView
[2013.02.11 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\LolClient
[2012.10.18 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\Memeo
[2012.09.16 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\OpenOffice.org
[2012.12.21 02:11:37 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\QuickScan
[2013.04.28 13:42:12 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\Samsung
[2013.05.04 14:12:25 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\SoftGrid Client
[2013.03.25 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\Butan\AppData\Roaming\TP

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 13.05.2013 12:26:05 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Butan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 72,05% Memory free
15,93 Gb Paging File | 13,83 Gb Available in Paging File | 86,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 256,74 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 21,85 Gb Free Space | 43,70% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 26,75 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
 
Computer Name: BUTAN-PC | User Name: Butan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2115282909-3215999341-1564346366-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22AD27C7-FCC9-4CCA-B1BC-DD3A10A04E67}" = rport=445 | protocol=6 | dir=out | app=system | 
"{287E7D71-8D91-4712-8C0E-EB1BD405CA81}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2C20D960-5554-4DA9-B544-FE13EB64D27F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BB308C8-3D0B-4888-9963-9BBE626DC4C9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8799F19E-0C51-47AA-A935-52DD3FE7B389}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9E320476-E3AB-4366-8436-F29C186D9BAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9A4385B-86B9-4D97-B38B-8D318A283BF4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DA58F1C0-B5AD-4A18-9252-F88D67D714B2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E0540A70-E728-47C8-A7B4-B2607C87F434}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9C5DA96-8A2D-46FA-9FE2-08F0310E616B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FA47CE01-9104-418B-8DE9-A137D4CF7E41}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FD9A1910-80AE-4766-A85A-2DA233DB0CC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093BE104-0032-45F6-8775-FA4B733223B8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34004D40-3871-46CA-81C5-750C849EF5A5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{57FB2129-86CF-4F25-ACF7-E08CB8A960A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5D5B9FDA-965D-4B63-AF80-58214CCA5D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5EB1834C-5D87-44C2-9DC4-2EF1CC26B1C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5FCCF81E-565E-448D-9127-2BF118F2CA44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{659DEDA0-83ED-4B21-ADB2-81BC7A8319A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6BE98526-EC7E-49A8-B4E9-652FEBE3D9D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7455B2E2-FD62-4046-9DE3-88038F08E95A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7E84F8E5-D7A9-46C7-865E-7BC254DFBCCD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{84BFBBDC-8618-442D-A11B-0D2F9F7807E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97CDEB27-5C7D-42A2-B068-41DFE136EF16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9D5D3B60-B84B-4227-BB95-79AAD490FE28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B5D58C05-88E6-4C4D-87C2-FA3A9FE803C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C62D9A53-01CA-4002-8D4D-82A51727FD1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6868CB7-4A4C-43B0-95D2-7D8586093575}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DB515C23-6FC8-422D-B692-E48849F54CAB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{EB9D9B9D-C55C-4078-AAE6-083FCCF118BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{17ADA314-D1BF-4E4D-827B-3EA8B50889D2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{3384715B-AE2D-4D25-AD35-F9DC10144E1B}F:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe | 
"UDP Query User{8965DC1C-BB35-4EDF-9F1C-42D77187607A}F:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe | 
"UDP Query User{A4FB87E3-7273-455C-B57B-A3C74FFFC7CE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Security Task Manager" = Security Task Manager 1.8d
"Steam App 730" = Counter-Strike: Global Offensive
"VLC media player" = VLC media player 2.0.5
"WinPcapInst" = WinPcap 4.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.05.2013 01:32:55 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 11.05.2013 01:38:48 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 11.05.2013 06:53:40 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 11.05.2013 10:24:32 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 12.05.2013 17:26:02 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 12.05.2013 19:58:59 | Computer Name = Butan-PC | Source = Application Hang | ID = 1002
Description = Programm WinRAR.exe, Version 4.20.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 129c    Startzeit:
 01ce4f6c9cfafa97    Endzeit: 5440    Anwendungspfad: C:\Program Files\WinRAR\WinRAR.exe

Berichts-ID:
 e358bf16-bb5f-11e2-8669-8c89a5c3ccb5  
 
Error - 13.05.2013 04:30:55 | Computer Name = Butan-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
 args)
 
Error - 13.05.2013 04:43:57 | Computer Name = Butan-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Butan\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.05.2013 04:45:23 | Computer Name = Butan-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Butan\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.05.2013 04:45:29 | Computer Name = Butan-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Butan\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 04.03.2013 00:23:20 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.03.2013 00:23:20 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.03.2013 16:33:55 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.03.2013 16:33:55 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 05.03.2013 06:02:58 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.03.2013 06:02:58 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 05.03.2013 06:09:18 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.03.2013 06:09:18 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 06.03.2013 00:43:54 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.03.2013 00:43:54 | Computer Name = Butan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---



Despite my inexperience, I have the suspicion / my research suggests that it could perhaps be something serious after all?

Greetings from Duisburg

Unfortunately I can't edit any more..

Even though it's in the wrong order, here are the GMER logs as explained in the help threads:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-13 14:14:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MS2O 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Butan\AppData\Local\Temp\pwdoqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560  fffff80003bec000 19 bytes [FF, FF, 0F, BA, 25, 3A, 03, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 580  fffff80003bec014 3 bytes [C1, E2, 20]

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                               unknown MBR code

---- EOF - GMER 2.1 ----
         

Edited by pikbutan (13.05.2013 at 12:23). Reason: forgotten

 
