Jump to content

Gurkengelee

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Everything posted by Gurkengelee

  1. Gurkengelee
    Dear CatByte, thanks for all the help, I did as you asked. PC seems to be running fine now and faster than before. Thank you very much for your time! Gurkengelee
  2. Gurkengelee
    Yep everything is working fine. Thanks for all your help CatByte!
  3. Gurkengelee
    Dear CatByte, thanks for the help, I did as you asked: JRT.txt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Professional x64 Ran by Dekar on 07.05.2013 at 20:19:13,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\trymedia" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.05.2013 at 20:22:46,67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~ MBAM: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.07.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Dekar :: NIGHTMARE [Administrator] 07.05.2013 20:30:02 mbam-log-2013-05-07 (20-30-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263807 Laufzeit: 5 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESETSCAN: D:\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application E:\Downloads\PDFXVwer_2.5.210.exe a variant of Win32/Bundled.Toolbar.Ask application E:\Downloads\Hd Backup\PC\Software\Nero BackItUp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.A application Do you think it is necessary to change all passwords? Sincerly Gurkengelee AdwCleanerS1.txt
  4. Gurkengelee
    Dear CatByte, I tried running GMER from another .exe and another location but it still gives me crashes. I ran MBAR and it didn´t find anything. Here are the logs: MBAR-Log: Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.07.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Dekar :: NIGHTMARE [administrator] 07.05.2013 05:41:31 mbar-log-2013-05-07 (05-41-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32744 Time elapsed: 9 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) System-Log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16540 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.399000 GHz Memory total: 8588288000, free: 5772627968 ------------ Kernel report ------------ 05/07/2013 05:26:16 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\nvstor.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\SysWOW64\speedfan.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\ElbyCDIO.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\AppleCharger.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\System32\Drivers\EtronXHCI.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\avmaudio.sys \SystemRoot\system32\DRIVERS\avmaura.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\VClone.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\LGBusEnum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\System32\Drivers\EtronHub3.sys \SystemRoot\System32\Drivers\USBD.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\LGSUsbFilt.Sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\ladfGSRamd64.sys \SystemRoot\system32\DRIVERS\ladfGSCamd64.sys \SystemRoot\system32\DRIVERS\LGSHidFilt.Sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\atksgt.sys \SystemRoot\system32\DRIVERS\lirsgt.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\drivers\DDCDrv.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\LGVirHid.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Users\Dekar\AppData\Local\Temp\fgldapow.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8008c12790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000088\ Lower Device Object: 0xfffffa8008a2db60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8008c23790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa8008a4cb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8008c22790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xfffffa8008c03060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8008c6e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000085\ Lower Device Object: 0xfffffa8008c04060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8008c79790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000084\ Lower Device Object: 0xfffffa8008a06b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007dd9060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8007ad3060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.05.07.02 Downloaded database version: v2013.05.01.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007dd9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007dd9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007dd9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007ad8520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8007ad3060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00e56eac0, 0xfffffa8007dd9060, 0xfffffa8007503290 Lower DeviceData: 0xfffff8a00e7a55e0, 0xfffffa8007ad3060, 0xfffffa8009ca24e0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 929ACF6 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 209510400 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 209717248 Numsec = 146800640 Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 356517888 Numsec = 620253184 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8008c79790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008a3cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008c79790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008a06b60, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8008c6e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008a3db90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008c6e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008c04060, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8008c22790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80089a4040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008c22790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008c03060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8008c23790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008a05b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008c23790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008a4cb60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8008c12790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008c06040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008c12790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008a2db60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished ======================================= Thanks for all your help! Gurkengelee
  5. Gurkengelee
    Dear CatByte, thanks for the response. I am posting the reports of the DDS logs below. I started GMER and it didn´t give a rootkit warning. I tried your settings for a complete scan anyway but it crashed the six times I tried to run it after 2 to 4 minutes or so. I will try it again tomorrow and post my results here. DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Dekar at 20:39:35 on 2013-05-06 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.5213 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Skype\Phone\Skype.exe D:\Vidalia Relay Bundle\Vidalia\vidalia.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files\Windows Media Player\wmpnetwk.exe D:\Vidalia Relay Bundle\Tor\tor.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet D:\Mozilla Thunderbird\thunderbird.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe E:\League of Legends\RADS\system\rads_user_kernel.exe E:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.149\deploy\LoLLauncher.exe E:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.11\deploy\LolClient.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://juracademy.de/login/signup.php?action=tan uProxyServer = hxxp-proxy.fu-berlin.de:80 BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [spotify Web Helper] "C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Vidalia] "D:\Vidalia Relay Bundle\Vidalia\vidalia.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDFPrint] C:\Program Files\PDF24\pdf24.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoInternetOpenWidth = dword:1 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: An OneNote s&enden - D:\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - D:\MICROS~1\Office14\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dekar\Desktop\PartyPoker.lnk IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.178.1 TCP: Interfaces\{54D10D7D-35B6-486C-A559-2892CB2A8C81} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{F6970193-2110-45EF-A346-EDFE35B1ACDD} : DHCPNameServer = 192.168.178.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-11-6 21104] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\ddcdrv.sys [2012-3-8 20832] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 avmaudio;AVM Audio;C:\Windows\System32\drivers\avmaudio.sys [2010-11-7 116096] R3 avmaura;AVM USB-Fernanschluss;C:\Windows\System32\drivers\avmaura.sys [2010-4-17 116096] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512] R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184] R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-3 66360] R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2012-10-3 43832] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-6 413800] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000] S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168] S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704] S3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008] S3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 nrtap;NeoRouter Virtual Network Interface;C:\Windows\System32\drivers\nrtap.sys [2009-9-1 29696] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856] . =============== Created Last 30 ================ . 2013-05-06 18:02:32 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E03384C-F038-4DDF-9D5E-D292786E9943}\mpengine.dll 2013-05-06 17:56:00 -------- d-----w- C:\$RECYCLE.BIN 2013-05-06 17:41:39 98816 ----a-w- C:\Windows\sed.exe 2013-05-06 17:41:39 256000 ----a-w- C:\Windows\PEV.exe 2013-05-06 17:41:39 208896 ----a-w- C:\Windows\MBR.exe 2013-05-06 04:27:35 -------- d-----w- C:\FRST 2013-05-02 16:37:42 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-30 05:22:07 -------- d-----w- C:\Users\Dekar\AppData\Roaming\Malwarebytes 2013-04-30 05:21:54 -------- d-----w- C:\ProgramData\Malwarebytes 2013-04-23 18:17:45 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-23 17:48:48 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-23 17:48:48 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AB3B8D5-0E2B-4339-B1F0-99EAE949CCCC}\gapaengine.dll 2013-04-21 14:31:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-21 06:52:18 -------- d-----w- C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP 2013-04-20 08:50:12 -------- d-----w- C:\Users\Dekar\AppData\Roaming\tor 2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Vidalia 2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Tor 2013-04-15 07:19:57 -------- d-----w- C:\Users\Dekar\AppData\Roaming\e-academy Inc 2013-04-11 19:40:17 -------- d-----w- C:\Users\Dekar\AppData\Roaming\coe3 2013-04-10 07:13:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 07:13:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 07:13:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 07:13:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 07:13:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 07:13:07 112640 ----a-w- C:\Windows\System32\smss.exe 2013-04-10 07:13:05 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 07:13:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys . ==================== Find3M ==================== . 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-28 06:52:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-28 06:52:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-13 19:10:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2013-03-13 18:23:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-12 21:02:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 21:02:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-21 09:20:49 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-02-21 09:20:49 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-21 09:20:49 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 20:39:53,31 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 17.10.2009 10:24:38 System Uptime: 06.05.2013 19:55:20 (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-USB3 Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 20,817 GiB free. D: is FIXED (NTFS) - 70 GiB total, 67,754 GiB free. E: is FIXED (NTFS) - 296 GiB total, 116,387 GiB free. F: is CDROM () G: is CDROM (UDF) H: is CDROM () I: is Removable J: is Removable K: is Removable L: is Removable M: is Removable Z: is NetworkDisk (NTFS) - 1146 GiB total, 1106,811 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C5100 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart C5100 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart C5100 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart C5100 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . ==== System Restore Points =================== . RP537: 23.04.2013 20:17:47 - Windows Update RP538: 27.04.2013 08:16:01 - Windows Update RP539: 30.04.2013 19:21:15 - Windows Update RP540: 05.05.2013 21:28:46 - Windows Update . ==== Installed Programs ====================== . [translation missing: EVERemoveOnly] 64 Bit HP CIO Components Installer 7-Zip 4.65 Adobe AIR Adobe Connect Add-in Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.6 Age of Empires III: Complete Collection AIO_CDA_ProductContext AIO_CDA_Software AIO_Scan AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD AVIVO64 Codecs AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Anno 1701 ANNO 2070 Application Profiles µTorrent AudibleManager Blood Bowl: Legendary Edition BufferChm C5100 c5100_Help Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chessmaster Combined Community Codec Pack 2009-09-09 Conquest of Elysium 3 Copy Creative Centrale Creative Software Update Creative ZEN Mozaic EZ Series Dokumentation D3DX10 Dark UI v3.5 Dawn Of War Destinations DeviceDiscovery Diablo III DocProc Don't Starve Etron USB3.0 Host Controller EVEMon Fallout2 Fantasy Grounds II Fax FileZilla Client 3.3.4.1 Forged Alliance Forever Fotogalerie Geneforge 1 Geneforge 2 Geneforge 3 Geneforge 4 Geneforge 5 GIMP 2.8.2 Google Chrome Google Drive Google Update Helper GPBaseService2 GPGNet HP Imaging Device Functions 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. A HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HydraVision Intel® Control Center Intel® Graphics Media Accelerator Driver IrfanView (remove only) Java 7 Update 15 (64-bit) Java 7 Update 21 Java Auto Updater JDownloader League of Legends LibreOffice 3.6 Logitech Gaming Software Logitech Gaming Software 8.40 Magic The Gathering Online Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Game Studios Common Redistributables Pack 1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft XML Parser Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Morrowind Movie Maker MozBackup 1.4.9 Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 de) MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 Network64 Nokia Connectivity Cable Driver Notepad++ OCR Software by I.R.I.S. 13.0 ON_OFF Charge B11.0110.1 OpenAL PartyPoker PC Connectivity Solution PDF-Viewer PDF24 Creator 5.3.0 PDFCreator Penumbra: Overture Photo Common Photo Gallery PlanetSide 2 Plants vs. Zombies: Game of the Year PokerStars PunkBuster Services Real Alternative 2.0.2 Realm of the Mad God Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RGSS-RTP Standard RPG MAKER VX Ace S.T.A.L.K.E.R.: Shadow of Chernobyl Scan Secure Download Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sins of a Solar Empire: Trinity Skype Click to Call Skype™ 6.3 SmartWebPrinting SolutionCenter SpeedFan (remove only) Spotify Stalker Complete 2009 v1.4.4 Star Wars Empire at War Star Wars Empire at War Forces of Corruption StarCraft II Status Steam Supreme Commander - Forged Alliance swMSM TeamSpeak 3 Client TES Construction Set The Banner Saga: Factions Toolbox Tor 0.2.3.25 TrayApp Trine Ubisoft Game Launcher UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Vampire Realism II Vidalia 0.2.21 VirtualCloneDrive Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.6 WebReg Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows 7 USB/DVD Download Tool Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR WISO Mein Geld 2013 Professional . ==== End Of File =========================== Thanks for your help and patience! Gurkengelee
  6. Gurkengelee
    Dear CatByte, thanks for the instructions, I did as you asked. FRST64Log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2013 02 Ran by Dekar at 2013-05-06 19:33:44 Run:1 Running from E:\Downloads Boot Mode: Normal ============================================== HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => Value deleted successfully. HKCR\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully. HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found. C:\ProgramData\hash.dat => Moved successfully. ==== End of Fixlog ==== ComboFix Log: ComboFix 13-05-06.03 - Dekar 06.05.2013 19:43:56.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6467 [GMT 2:00] ausgeführt von:: c:\users\Dekar\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dekar\AppData\Local\Temp\_MEI38602\_ctypes.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\_elementtree.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\_hashlib.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\_multiprocessing.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\_socket.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\_ssl.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\pyexpat.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\pysqlite2._sqlite.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\python27.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\pythoncom27.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\PyWinTypes27.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\select.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\unicodedata.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32api.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32com.shell.shell.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32crypt.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32event.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32file.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32inet.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32pdh.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32process.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32profile.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32security.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\win32ts.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\windows._cacheinvalidation.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._controls_.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._core_.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._gdi_.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._html2.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._misc_.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._windows_.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wx._wizard.pyd c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxbase294u_net_vc90.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxbase294u_vc90.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_adv_vc90.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_core_vc90.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_html_vc90.dll c:\users\Dekar\AppData\Local\Temp\_MEI38602\wxmsw294u_webview_vc90.dll c:\users\Dekar\AppData\Roaming\0ad c:\users\Dekar\AppData\Roaming\0ad\config\user.cfg c:\windows\SysWow64\logs c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-06 bis 2013-05-06 )))))))))))))))))))))))))))))) . . 2013-05-06 04:27 . 2013-05-06 04:27 -------- d-----w- C:\FRST 2013-05-01 04:53 . 2013-05-01 04:53 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-30 05:22 . 2013-04-30 05:22 -------- d-----w- c:\users\Dekar\AppData\Roaming\Malwarebytes 2013-04-30 05:21 . 2013-04-30 05:21 -------- d-----w- c:\programdata\Malwarebytes 2013-04-23 18:17 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-21 14:32 . 2013-04-21 14:32 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-21 14:31 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-21 06:52 . 2013-04-21 06:52 -------- d-----w- c:\windows\83F12F73D52E40C093B1463C311C4E17.TMP 2013-04-20 08:50 . 2013-05-06 17:57 -------- d-----w- c:\users\Dekar\AppData\Roaming\tor 2013-04-20 08:50 . 2013-05-06 17:56 -------- d-----w- c:\users\Dekar\AppData\Local\Vidalia 2013-04-20 08:50 . 2013-04-20 08:50 -------- d-----w- c:\users\Dekar\AppData\Local\Tor 2013-04-15 07:19 . 2013-04-15 07:19 -------- d-----w- c:\users\Dekar\AppData\Roaming\e-academy Inc 2013-04-11 19:40 . 2013-04-11 19:40 -------- d-----w- c:\users\Dekar\AppData\Roaming\coe3 2013-04-10 07:13 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 07:13 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 07:13 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 07:13 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 07:13 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 07:13 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-10 07:13 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 07:13 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 15:29 . 2009-10-17 08:32 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-23 17:48 . 2013-04-23 17:48 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AB3B8D5-0E2B-4339-B1F0-99EAE949CCCC}\gapaengine.dll 2013-04-10 07:16 . 2009-10-17 08:31 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-10 03:46 . 2013-05-05 19:29 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9460696-8A98-4DCE-B92E-2E349D56FD8B}\mpengine.dll 2013-04-10 03:46 . 2013-05-02 16:37 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-29 06:39 . 2013-04-23 17:48 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-03-28 06:52 . 2013-02-16 00:47 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-28 06:52 . 2010-04-25 13:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-19 04:50 . 2013-03-29 06:38 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ACDCC96-3E03-4AC7-806F-A68676949AA9}\mpengine.dll 2013-03-13 19:10 . 2013-03-13 19:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-03-13 18:24 . 2013-03-13 18:24 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-13 18:24 . 2013-03-13 18:24 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-13 18:24 . 2013-03-13 18:24 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-13 18:24 . 2013-03-13 18:24 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-13 18:24 . 2013-03-13 18:24 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-13 18:24 . 2013-03-13 18:24 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-13 18:24 . 2013-03-13 18:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-13 18:24 . 2013-03-13 18:24 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-13 18:24 . 2013-03-13 18:24 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-13 18:24 . 2013-03-13 18:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-13 18:24 . 2013-03-13 18:24 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-13 18:24 . 2013-03-13 18:24 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-13 18:24 . 2013-03-13 18:24 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-13 18:24 . 2013-03-13 18:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-13 18:24 . 2013-03-13 18:24 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-13 18:24 . 2013-03-13 18:24 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-13 18:24 . 2013-03-13 18:24 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-13 18:24 . 2013-03-13 18:24 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-13 18:24 . 2013-03-13 18:24 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-13 18:24 . 2013-03-13 18:24 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-13 18:24 . 2013-03-13 18:24 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-13 18:24 . 2013-03-13 18:24 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-13 18:24 . 2013-03-13 18:24 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-13 18:24 . 2013-03-13 18:24 441856 ----a-w- c:\windows\system32\html.iec 2013-03-13 18:24 . 2013-03-13 18:24 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-13 18:24 . 2013-03-13 18:24 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-13 18:24 . 2013-03-13 18:24 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-13 18:24 . 2013-03-13 18:24 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-13 18:24 . 2013-03-13 18:24 235008 ----a-w- c:\windows\system32\url.dll 2013-03-13 18:24 . 2013-03-13 18:24 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-13 18:24 . 2013-03-13 18:24 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-13 18:24 . 2013-03-13 18:24 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-13 18:24 . 2013-03-13 18:24 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-13 18:24 . 2013-03-13 18:24 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-13 18:24 . 2013-03-13 18:24 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-13 18:24 . 2013-03-13 18:24 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-13 18:24 . 2013-03-13 18:24 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-13 18:24 . 2013-03-13 18:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-13 18:24 . 2013-03-13 18:24 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-13 18:24 . 2013-03-13 18:24 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-13 18:24 . 2013-03-13 18:24 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-13 18:24 . 2013-03-13 18:24 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-13 18:24 . 2013-03-13 18:24 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-13 18:24 . 2013-03-13 18:24 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-13 18:24 . 2013-03-13 18:24 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-13 18:24 . 2013-03-13 18:24 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-13 18:24 . 2013-03-13 18:24 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-13 18:24 . 2013-03-13 18:24 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-13 18:24 . 2013-03-13 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-13 18:23 . 2013-03-13 18:23 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-13 18:23 . 2013-03-13 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-03-13 18:23 . 2013-03-13 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-03-13 18:23 . 2013-03-13 18:23 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-03-13 18:23 . 2013-03-13 18:23 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-13 18:23 . 2013-03-13 18:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-03-13 18:23 . 2013-03-13 18:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-03-13 18:23 . 2013-03-13 18:23 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-03-13 18:23 . 2013-03-13 18:23 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-03-13 18:23 . 2013-03-13 18:23 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-03-13 18:23 . 2013-03-13 18:23 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-03-13 18:23 . 2013-03-13 18:23 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-03-13 18:23 . 2013-03-13 18:23 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-03-13 18:23 . 2013-03-13 18:23 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-03-13 18:23 . 2013-03-13 18:23 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-03-13 18:23 . 2013-03-13 18:23 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-03-13 18:23 . 2013-03-13 18:23 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-03-13 18:23 . 2013-03-13 18:23 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-03-13 18:23 . 2013-03-13 18:23 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-03-13 18:23 . 2013-03-13 18:23 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-03-13 18:23 . 2013-03-13 18:23 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-03-13 18:23 . 2013-03-13 18:23 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-03-13 18:23 . 2013-03-13 18:23 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-03-13 18:23 . 2013-03-13 18:23 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744] "Spotify Web Helper"="c:\users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-12 1199576] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] "Vidalia"="d:\vidalia relay bundle\Vidalia\vidalia.exe" [2013-02-06 6239727] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-02-19 162856] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoInternetOpenWidth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 Aken;Aken;e:\0 a.d. alpha\binaries\system\aken64.sys [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168] R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;d:\msi\Live Update 5\msibios64_100507.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\DRIVERS\nrtap.sys [2009-09-01 29696] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\msi\Live Update 5\NTIOLib_X64.sys [x] R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2012-03-08 20832] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-11-07 116096] S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-04-17 116096] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360] S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys [2012-10-02 43832] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:02] . 2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 18:14] . 2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-26 18:14] . 2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001Core.job - c:\users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-10 18:09] . 2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001UA.job - c:\users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-10 18:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://juracademy.de/login/signup.php?action=tan uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyServer = http-proxy.fu-berlin.de:80 IE: An OneNote s&enden - d:\micros~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000 Trusted Zone: smu.edu.sg\eservices TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-WISO Mein Geld 2013 Professional - c:\program files (x86)\Buhl\WISO Mein Geld 2013\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2688776608-3082795507-739649375-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:02,e8,e6,31,e6,89,cf,61,77,ee,50,23,3c,5d,87,7d,65,d8,eb,01,f4,d5,b7, f6,59,7b,d0,9f,ae,6a,b7,3c,f7,4b,ec,f4,e2,90,07,8b,18,1a,b1,65,86,a6,fa,a6,\ "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12 . [HKEY_USERS\S-1-5-21-2688776608-3082795507-739649375-1001\Software\SecuROM\License information*] "datasecu"=hex:91,45,89,2d,01,76,e6,d1,af,9a,bf,a4,6b,a5,89,94,2a,d9,a2,b3,16, af,12,31,0f,ac,96,19,00,aa,b8,09,80,0d,83,56,2a,f1,43,64,a3,56,81,c0,2f,43,\ "rkeysecu"=hex:1c,cc,a0,27,79,fd,78,a3,39,61,9f,78,21,bc,99,a8 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe c:\windows\SysWOW64\PnkBstrA.exe d:\vidalia relay bundle\Tor\tor.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-06 20:02:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-06 18:02 . Vor Suchlauf: 16 Verzeichnis(se), 22.548.381.696 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 22.214.766.592 Bytes frei . - - End Of File - - E2EC443625AD03D1DEB8B1DF4554BA69 Thanks for your help! Gurkengelee
  7. Gurkengelee
    Dear CatByte, thanks for the reply, I did as you asked. I uninstalled Malwarebytes and Spybot since my last posting, since I thought the problem to be resolved. Sorry for that, but it is why they wont show up in Additions.txt. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 02 Ran by Dekar (administrator) on 06-05-2013 06:27:40 Running from E:\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Spotify Ltd) C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () D:\Vidalia Relay Bundle\Vidalia\vidalia.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () D:\Vidalia Relay Bundle\Tor\tor.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (CCP hf.) E:\CCP\EVE\bin\ExeFile.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) D:\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) E:\Downloads\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11697768 2010-12-14] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7406392 2012-11-29] (Logitech Inc.) HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKCU\...\Run: [Google Update] "C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-10] (Google Inc.) HKCU\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google) HKCU\...\Run: [spotify Web Helper] "C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2013-01-12] (Spotify Ltd) HKCU\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKCU\...\Run: [Vidalia] "D:\Vidalia Relay Bundle\Vidalia\vidalia.exe" [x] MountPoints2: {1ee57bac-00bd-11e1-a936-0019dbb281c4} - H:\AutoRunMorrowind.exe MountPoints2: {201f1086-75fb-11df-af9c-0019dbb281c4} - H:\AutoRunMorrowind.exe MountPoints2: {3105a404-be57-11e0-81cb-0019dbb281c4} - I:\AutoRunMorrowind.exe MountPoints2: {333fb290-18cd-11e1-8018-50e54920da71} - H:\CD_Start.exe MountPoints2: {64c3df01-f31b-11de-a3b9-0019dbb281c4} - H:\LaunchU3.exe -a MountPoints2: {7a8f50c0-99c3-11e0-a23a-806e6f6e6963} - H:\Installer.exe MountPoints2: {7a8f5221-99c3-11e0-a23a-0019dbb281c4} - I:\AutoRunMorrowind.exe MountPoints2: {7dde079d-5723-11e1-93b9-50e54920da71} - H:\autorun.exe MountPoints2: {b4e55504-f3af-11de-a5dc-0019dbb281c4} - H:\AutoRun.exe MountPoints2: {b4e55509-f3af-11de-a5dc-0019dbb281c4} - H:\AutoRun.exe HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\gurkengelee\...\Run: [TrueCrypt] "D:\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [x] HKU\gurkengelee\...\Run: [] [x] HKU\gurkengelee\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [18642024 2013-02-28] (Skype Technologies S.A.) HKU\gurkengelee\...\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKU\postgres\...\Run: [TrueCrypt] "D:\TrueCrypt\TrueCrypt.exe" /q preferences /a logon [x] HKU\postgres\...\Run: [] [x] HKU\postgres\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [18642024 2013-02-28] (Skype Technologies S.A.) HKU\postgres\...\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun [x] BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: http-proxy.fu-berlin.de:80 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://juracademy.de/login/signup.php?action=tan HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp HKLM-x32 SearchScopes: DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms} SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms} SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms} BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File Toolbar: HKCU - No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default FF Homepage: hxxp://www.chip.de/|hxxp://www.financialsense.com/|https://www.wizards.com/magic/Magazine/Default.aspx|hxxp://www.jura.fu-berlin.de/ FF NetworkProxy: "autoconfig_url", "http-proxy.fu-berlin.de " FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - D:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\counterpixel@jabubo.de FF Extension: Ghostery - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\firefox@ghostery.com FF Extension: HTTPS-Everywhere - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\https-everywhere@eff.org FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\ich@maltegoetz.de FF Extension: Locationbar² - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\locationbar2@design-noir.de FF Extension: EPUBReader - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: trackerblock - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\trackerblock@privacychoice.org.xpi FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0}.xpi FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Dekar\AppData\Roaming\Mozilla\Firefox\Profiles\rzu4437k.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi Chrome: ======= CHR RestoreOnStartup: "hxxp://www.chip.de/", "hxxp://dollarvigilante.com/", "hxxp://themittani.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dekar\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () CHR Plugin: (AVG Internet Security) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File CHR Plugin: (Octoshape Streaming Services) - C:\Users\Dekar\AppData\Roaming\Mozilla\plugins\npoctoshape.dll No File CHR Plugin: (Octoshape Streaming Services) - C:\Users\Dekar\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - D:\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - D:\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Dekar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - D:\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File CHR Plugin: (VLC Web Plugin) - D:\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Extension: (ProxTube) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0 CHR Extension: (Google Drive) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Turn Off the Lights) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0 CHR Extension: (YouTube) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Chrome YouTube Downloader) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.15_0 CHR Extension: (Google Search) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (HTTPS Everywhere) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.4.30_0 CHR Extension: (AdBlock) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0 CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0 CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0 CHR Extension: (Gmail) - C:\Users\Dekar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) R3 hpqcxs08; D:\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) R2 hpqddsvc; D:\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) R2 HPSLPSVC; D:\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-11] () ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-11-18] () R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2010-11-07] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116096 2010-04-17] (AVM Berlin) S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [43832 2012-10-03] (Logitech Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-11-18] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 nrtap; C:\Windows\System32\DRIVERS\nrtap.sys [29696 2009-09-01] (NeoRouter Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-21] () R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2012-03-08] (Nicomsoft Ltd.) S3 Aken; \??\E:\0 A.D. alpha\binaries\system\aken64.sys [x] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x] R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x] S3 MSI_MSIBIOS_010507; \??\D:\MSI\Live Update 5\msibios64_100507.sys [x] S3 NTIOLib_1_0_4; \??\D:\MSI\Live Update 5\NTIOLib_X64.sys [x] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x] S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-06 06:27 - 2013-05-06 06:27 - 00000000 ____D C:\FRST 2013-05-02 18:33 - 2013-05-02 18:33 - 00000605 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-04-30 07:33 - 2013-04-30 07:33 - 00018102 ____A C:\Users\Dekar\Desktop\dds.txt 2013-04-30 07:33 - 2013-04-30 07:33 - 00012194 ____A C:\Users\Dekar\Desktop\attach.txt 2013-04-30 07:22 - 2013-04-30 07:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Malwarebytes 2013-04-30 07:21 - 2013-04-30 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-04-29 18:59 - 2013-05-06 05:24 - 00000672 ____A C:\Windows\setupact.log 2013-04-23 20:17 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-22 07:03 - 2013-05-02 15:26 - 00001096 ____A C:\Windows\PFRO.log 2013-04-21 16:31 - 2013-04-21 16:31 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log 2013-04-21 16:31 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-04-21 16:31 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-04-21 16:31 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-04-21 08:55 - 2013-04-21 08:55 - 00000000 ____A C:\Windows\setuperr.log 2013-04-21 08:52 - 2013-04-21 08:52 - 00000000 ____D C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP 2013-04-20 10:50 - 2013-05-06 06:04 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\tor 2013-04-20 10:50 - 2013-05-06 05:25 - 00000000 ____D C:\Users\Dekar\AppData\Local\Vidalia 2013-04-20 10:50 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Tor 2013-04-20 06:51 - 2013-04-02 01:47 - 00000000 ____D C:\Users\Dekar\Desktop\Tor Browser 2013-04-18 21:33 - 2013-04-19 08:28 - 00025536 ____A C:\Users\Dekar\Desktop\Unbenannt 1.odt 2013-04-15 09:19 - 2013-04-15 09:19 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\e-academy Inc 2013-04-11 21:40 - 2013-04-11 21:40 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\coe3 2013-04-10 09:14 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-10 09:14 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-10 09:14 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-04-10 09:14 - 2013-02-21 12:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-10 09:14 - 2013-02-21 12:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-04-10 09:14 - 2013-02-21 12:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-10 09:14 - 2013-02-21 12:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-04-10 09:14 - 2013-02-19 14:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-10 09:14 - 2013-02-19 13:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-10 09:14 - 2013-02-19 13:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-04-10 09:14 - 2013-02-19 12:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-10 09:13 - 2013-03-19 08:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 09:13 - 2013-03-19 07:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 09:13 - 2013-03-19 07:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-04-10 09:13 - 2013-03-19 07:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-04-10 09:13 - 2013-03-19 06:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-04-10 09:13 - 2013-03-19 05:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 09:13 - 2013-03-01 05:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 09:13 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys 2013-04-07 22:54 - 2013-04-07 22:54 - 00003910 ____A C:\Users\Dekar\AppData\Local\recently-used.xbel ==================== One Month Modified Files and Folders ======= 2013-05-06 06:27 - 2013-05-06 06:27 - 00000000 ____D C:\FRST 2013-05-06 06:25 - 2012-10-10 20:09 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001UA.job 2013-05-06 06:25 - 2009-10-17 11:03 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Skype 2013-05-06 06:04 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\tor 2013-05-06 06:02 - 2012-07-16 08:46 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-06 05:58 - 2012-10-26 08:46 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-06 05:32 - 2009-07-14 06:45 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-06 05:32 - 2009-07-14 06:45 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-06 05:25 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Vidalia 2013-05-06 05:25 - 2012-10-26 08:46 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-06 05:24 - 2013-04-29 18:59 - 00000672 ____A C:\Windows\setupact.log 2013-05-06 05:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-05 22:39 - 2009-10-17 10:12 - 01577942 ____A C:\Windows\WindowsUpdate.log 2013-05-02 21:20 - 2009-07-14 19:58 - 00708380 ____A C:\Windows\System32\perfh007.dat 2013-05-02 21:20 - 2009-07-14 19:58 - 00153760 ____A C:\Windows\System32\perfc007.dat 2013-05-02 21:20 - 2009-07-14 07:13 - 01646048 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-02 18:33 - 2013-05-02 18:33 - 00000605 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-05-02 18:33 - 2011-02-12 12:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\vlc 2013-05-02 18:32 - 2010-11-28 16:11 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\dvdcss 2013-05-02 17:29 - 2009-10-17 10:32 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 15:26 - 2013-04-22 07:03 - 00001096 ____A C:\Windows\PFRO.log 2013-05-01 06:53 - 2011-05-26 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-01 06:53 - 2009-10-17 11:03 - 00000000 ____D C:\ProgramData\Skype 2013-04-30 07:33 - 2013-04-30 07:33 - 00018102 ____A C:\Users\Dekar\Desktop\dds.txt 2013-04-30 07:33 - 2013-04-30 07:33 - 00012194 ____A C:\Users\Dekar\Desktop\attach.txt 2013-04-30 07:22 - 2013-04-30 07:22 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Malwarebytes 2013-04-30 07:21 - 2013-04-30 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-04-29 19:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-04-29 08:44 - 2010-02-21 03:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-04-25 23:25 - 2012-10-10 20:09 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2688776608-3082795507-739649375-1001Core.job 2013-04-25 21:52 - 2011-01-24 23:10 - 00000000 ____D C:\Users\Dekar\AppData\Local\CrashDumps 2013-04-22 07:19 - 2009-11-05 22:16 - 00007794 ____A C:\Users\Dekar\Desktop\Neues Textdokument.txt 2013-04-22 07:03 - 2009-07-14 06:45 - 00459928 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-21 16:31 - 2013-04-21 16:31 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log 2013-04-21 16:31 - 2013-03-28 08:52 - 00000000 ____D C:\Program Files (x86)\Java 2013-04-21 08:56 - 2009-11-11 18:23 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\Normfall 2013-04-21 08:55 - 2013-04-21 08:55 - 00000000 ____A C:\Windows\setuperr.log 2013-04-21 08:55 - 2010-08-29 20:44 - 00120024 ____A C:\Users\Dekar\AppData\Local\GDIPFONTCACHEV1.DAT 2013-04-21 08:54 - 2009-11-08 15:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-04-21 08:52 - 2013-04-21 08:52 - 00000000 ____D C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP 2013-04-21 08:47 - 2012-08-19 19:36 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\uTorrent 2013-04-21 08:46 - 2009-10-17 11:08 - 00000000 ____D C:\Windows\Panther 2013-04-21 08:39 - 2011-02-13 09:17 - 00000000 ____D C:\Windows\Minidump 2013-04-21 07:16 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-04-20 10:50 - 2013-04-20 10:50 - 00000000 ____D C:\Users\Dekar\AppData\Local\Tor 2013-04-20 06:52 - 2013-03-04 13:57 - 00000000 ____D C:\Users\Dekar\Desktop\Studienabschlussarbeit 2013-04-19 08:28 - 2013-04-18 21:33 - 00025536 ____A C:\Users\Dekar\Desktop\Unbenannt 1.odt 2013-04-15 09:19 - 2013-04-15 09:19 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\e-academy Inc 2013-04-12 17:59 - 2012-02-20 13:54 - 00000000 ____D C:\Users\Dekar\Documents\Eigene Scans 2013-04-12 16:45 - 2013-04-23 20:17 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-11 21:40 - 2013-04-11 21:40 - 00000000 ____D C:\Users\Dekar\AppData\Roaming\coe3 2013-04-10 09:16 - 2009-10-17 10:31 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-07 22:54 - 2013-04-07 22:54 - 00003910 ____A C:\Users\Dekar\AppData\Local\recently-used.xbel 2013-04-07 22:54 - 2012-11-03 14:23 - 00000000 ____D C:\Users\Dekar\.gimp-2.8 2013-04-06 10:59 - 2009-10-17 10:24 - 00000000 ____D C:\users\Dekar Other Malware: =========== C:\ProgramData\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-04-25 08:20 ==================== End Of Log ============================ Addition.txt
  8. Gurkengelee
    Dear Ladies and Gentlemen, I run a Spybot Search & Destroy Rootkit Scan yesterday and it came up with an MBR report for Phyiscal Drive 0, Physical Drive 1 ... up to Physical Drive 5. Which is funny since I only have one phyiscal drive. So I couldn´t take it to seriously. Anyway I ran GMER and MalwareBytes Quick Scans without any reports. So I guess Spybot gives out false positives but here are the DDS logs for you to look through if you find anything suspicious. Utorrent is installed as you can see but it is seldomly used for Software, mainly from Chip.de, when FTP is not fast enough. It can be uninstalled if you really want me to. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Dekar at 7:33:19 on 2013-04-30 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.5477 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe D:\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE D:\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe D:\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Skype\Phone\Skype.exe D:\Vidalia Relay Bundle\Vidalia\vidalia.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\Spybot - Search & Destroy 2\SDTray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe D:\Vidalia Relay Bundle\Tor\tor.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskhost.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dekar\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe D:\Spybot - Search & Destroy 2\SDUpdate.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://juracademy.de/login/signup.php?action=tan uProxyServer = hxxp-proxy.fu-berlin.de:80 mWinlogon: Userinit = userinit.exe BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Dekar\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [spotify Web Helper] "C:\Users\Dekar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Vidalia] "D:\Vidalia Relay Bundle\Vidalia\vidalia.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDFPrint] C:\Program Files\PDF24\pdf24.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sDTray] "D:\Spybot - Search & Destroy 2\SDTray.exe" mRunOnce: [Malwarebytes Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoInternetOpenWidth = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: An OneNote s&enden - D:\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - D:\MICROS~1\Office14\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dekar\Desktop\PartyPoker.lnk IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.178.1 TCP: Interfaces\{54D10D7D-35B6-486C-A559-2892CB2A8C81} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{F6970193-2110-45EF-A346-EDFE35B1ACDD} : DHCPNameServer = 192.168.178.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WebCheck - <orphaned> x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-11-6 21104] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008] R2 SDScannerService;Spybot-S&D 2 Scanner Service;D:\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-28 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-28 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-28 168384] R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\ddcdrv.sys [2012-3-8 20832] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 avmaudio;AVM Audio;C:\Windows\System32\drivers\avmaudio.sys [2010-11-7 116096] R3 avmaura;AVM USB-Fernanschluss;C:\Windows\System32\drivers\avmaura.sys [2010-4-17 116096] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512] R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184] R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-3 66360] R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2012-10-3 43832] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008] R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-6 413800] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000] S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168] S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704] S3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288] S3 nrtap;NeoRouter Virtual Network Interface;C:\Windows\System32\drivers\nrtap.sys [2009-9-1 29696] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856] . =============== Created Last 30 ================ . 2013-04-30 05:22:07 -------- d-----w- C:\Users\Dekar\AppData\Roaming\Malwarebytes 2013-04-30 05:21:54 -------- d-----w- C:\ProgramData\Malwarebytes 2013-04-30 05:21:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-29 17:12:27 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E1BB55B-2AC8-43C8-BD4E-582FBA5E4EC0}\mpengine.dll 2013-04-28 20:06:28 17272 ----a-w- C:\Windows\System32\sdnclean64.exe 2013-04-28 08:52:06 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-23 18:17:45 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-23 17:48:48 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-23 17:48:48 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AB3B8D5-0E2B-4339-B1F0-99EAE949CCCC}\gapaengine.dll 2013-04-21 14:31:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-21 06:52:18 -------- d-----w- C:\Windows\83F12F73D52E40C093B1463C311C4E17.TMP 2013-04-20 08:50:12 -------- d-----w- C:\Users\Dekar\AppData\Roaming\tor 2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Vidalia 2013-04-20 08:50:07 -------- d-----w- C:\Users\Dekar\AppData\Local\Tor 2013-04-15 07:19:57 -------- d-----w- C:\Users\Dekar\AppData\Roaming\e-academy Inc 2013-04-11 19:40:17 -------- d-----w- C:\Users\Dekar\AppData\Roaming\coe3 2013-04-10 07:13:09 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 07:13:08 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 07:13:08 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 07:13:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 07:13:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 07:13:07 112640 ----a-w- C:\Windows\System32\smss.exe 2013-04-10 07:13:05 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 07:13:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys . ==================== Find3M ==================== . 2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-28 06:52:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-28 06:52:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-13 19:10:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2013-03-13 18:23:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-12 21:02:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 21:02:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-21 09:20:49 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-02-21 09:20:49 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-21 09:20:49 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 7:33:45,08 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 17.10.2009 10:24:38 System Uptime: 30.04.2013 06:52:54 (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | G41MT-USB3 Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 20,578 GiB free. D: is FIXED (NTFS) - 70 GiB total, 67,532 GiB free. E: is FIXED (NTFS) - 296 GiB total, 120,884 GiB free. F: is CDROM () G: is CDROM (UDF) H: is CDROM () I: is Removable J: is Removable K: is Removable L: is Removable M: is Removable Z: is NetworkDisk (NTFS) - 1146 GiB total, 1108,855 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: 2.0 Reader -2 Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#070415015146006629&2# Manufacturer: Generic Name: K:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#070415015146006629&2# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: 2.0 Reader -3 Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#070415015146006629&3# Manufacturer: Generic Name: L:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#070415015146006629&3# Service: WUDFRd . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C5100 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart C5100 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: 2.0 Reader -4 Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#070415015146006629&4# Manufacturer: Generic Name: M:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#070415015146006629&4# Service: WUDFRd . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart C5100 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart C5100 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: 2.0 Reader -1 Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070415015146006629&1# Manufacturer: Generic Name: I:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#070415015146006629&1# Service: WUDFRd . ==== System Restore Points =================== . RP530: 21.04.2013 08:51:35 - Entfernt Dawn of War - Dark Crusade RP531: 21.04.2013 08:52:10 - Removed Dawn Of War RP532: 21.04.2013 08:53:31 - TrueCrypt uninstallation RP533: 21.04.2013 08:54:26 - Removed Solium Infernum RP534: 21.04.2013 08:55:47 - Removed NVIDIA PhysX RP535: 21.04.2013 08:56:06 - Normfall Trainer 2.0 wird entfernt RP536: 21.04.2013 16:31:01 - Installed Java 7 Update 21 RP537: 23.04.2013 20:17:47 - Windows Update RP538: 27.04.2013 08:16:01 - Windows Update . ==== Installed Programs ====================== . [translation missing: EVERemoveOnly] 64 Bit HP CIO Components Installer 7-Zip 4.65 Adobe AIR Adobe Connect Add-in Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.6 Age of Empires III: Complete Collection AIO_CDA_ProductContext AIO_CDA_Software AIO_Scan AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD AVIVO64 Codecs AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Anno 1701 ANNO 2070 Application Profiles µTorrent AudibleManager Blood Bowl: Legendary Edition BufferChm C5100 c5100_Help Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chessmaster Combined Community Codec Pack 2009-09-09 Conquest of Elysium 3 Copy Creative Centrale Creative Software Update Creative ZEN Mozaic EZ Series Dokumentation D3DX10 Dark UI v3.5 Dawn Of War Destinations DeviceDiscovery Diablo III DocProc Don't Starve Etron USB3.0 Host Controller EVEMon Fallout2 Fantasy Grounds II Fax FileZilla Client 3.3.4.1 Forged Alliance Forever Fotogalerie Geneforge 1 Geneforge 2 Geneforge 3 Geneforge 4 Geneforge 5 GIMP 2.8.2 Google Chrome Google Drive Google Update Helper GPBaseService2 GPGNet HP Imaging Device Functions 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. A HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HydraVision Intel® Control Center Intel® Graphics Media Accelerator Driver IrfanView (remove only) Java 7 Update 15 (64-bit) Java 7 Update 21 Java Auto Updater JDownloader League of Legends LibreOffice 3.6 Logitech Gaming Software Logitech Gaming Software 8.40 Magic The Gathering Online Malwarebytes Anti-Malware Version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Game Studios Common Redistributables Pack 1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft XML Parser Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Morrowind Movie Maker MozBackup 1.4.9 Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 de) MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 Network64 Nokia Connectivity Cable Driver Notepad++ OCR Software by I.R.I.S. 13.0 ON_OFF Charge B11.0110.1 OpenAL PartyPoker PC Connectivity Solution PDF-Viewer PDF24 Creator 5.3.0 PDFCreator Penumbra: Overture Photo Common Photo Gallery PlanetSide 2 Plants vs. Zombies: Game of the Year PokerStars PunkBuster Services Real Alternative 2.0.2 Realm of the Mad God Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RGSS-RTP Standard RPG MAKER VX Ace S.T.A.L.K.E.R.: Shadow of Chernobyl Scan Secure Download Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sins of a Solar Empire: Trinity Skype Click to Call Skype™ 6.1 SmartWebPrinting SolutionCenter SpeedFan (remove only) Spotify Spybot - Search & Destroy Stalker Complete 2009 v1.4.4 Star Wars Empire at War Star Wars Empire at War Forces of Corruption StarCraft II Status Steam Supreme Commander - Forged Alliance swMSM TeamSpeak 3 Client TES Construction Set The Banner Saga: Factions Toolbox Tor 0.2.3.25 TrayApp Trine Ubisoft Game Launcher UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Vampire Realism II Vidalia 0.2.21 VirtualCloneDrive Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.5 WebReg Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows 7 USB/DVD Download Tool Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR WISO Mein Geld 2013 Professional . ==== End Of File =========================== Regards and thanks for help! Gurkengelee
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.