Multiple Trojans and adware found, what to do?!

#0
20.07.2014, 01:04
Member
Posts: 35

21.07.2014, 15:06
Member
Posts: 4730
#2
If your system is still running, then you haven't broken anything.
It would at least be interesting to see where the detections are (file path). But even so, it can't hurt to post the OTL log so that one can see whether there is still something somewhere that could be malicious. Annoying pop-ups can come from some add-on. A failed Java update can have entirely different causes (maybe reinstalling Java already helps here), and the PC switching off can be an ACPI driver problem. In any case, none of this really sounds like malware (except possibly the pop-ups).
__________
This is a signature! Personal service: You're from Berlin? Then contact me by PM; we may be able to arrange an appointment. Der Grabsteinschubser
25.07.2014, 20:58
Member
Thread starter Posts: 35
#3
Here's my OTL logfile for a start.
Please take a look at it; can you already see there where which viruses are located? Yes, my system is still running, although with the minor quirks I described. But what do I do with the many files I have in quarantine?
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows 
Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014.07.25 17:37:25 | 000,000,000 | R--D | C] -- C:\Users\Proske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2014.07.20 00:27:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Proske\Desktop\OTL.exe [2014.07.19 08:43:22 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.07.19 08:41:12 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014.07.19 08:41:09 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.07.19 08:41:09 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.07.19 08:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014.07.18 12:20:16 | 000,000,000 | ---D | C] -- C:\Users\Proske\Desktop\Karate Kata [2014.07.16 21:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus [2014.07.16 21:46:40 | 000,000,000 | ---D | C] -- C:\Users\Proske\AppData\Roaming\Azureus [2014.07.11 19:19:38 | 000,000,000 | -HSD | C] -- C:\Users\Proske\AppData\Local\EmieUserList [2014.07.11 19:19:38 | 000,000,000 | -HSD | C] -- C:\Users\Proske\AppData\Local\EmieSiteList [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014.07.25 20:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.07.25 17:45:01 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.07.25 17:45:01 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.07.25 17:43:42 | 001,620,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.07.25 17:43:42 | 000,699,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.07.25 17:43:42 | 000,654,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.07.25 17:43:42 | 000,149,572 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.07.25 17:43:42 | 000,122,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.07.25 17:37:20 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2014.07.25 17:37:05 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update 
Checker.job [2014.07.25 17:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.07.25 17:36:55 | 4276,727,806 | -HS- | M] () -- C:\hiberfil.sys [2014.07.24 00:55:20 | 000,215,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014.07.24 00:19:15 | 000,215,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2014.07.20 00:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Proske\Desktop\OTL.exe [2014.07.19 23:47:54 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.07.19 08:41:12 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.07.15 14:38:01 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2014.07.10 16:08:56 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.07.09 16:07:36 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2014.07.08 16:32:04 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Titanfall.lnk [2014.07.08 16:29:56 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk [2014.07.08 16:29:56 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk [2014.07.03 15:34:38 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2014.06.30 21:20:40 | 640,049,856 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014.06.29 00:33:11 | 000,076,152 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014.06.29 00:33:02 | 000,297,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014.01.17 23:36:17 | 000,215,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014.01.17 23:36:16 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.12.19 01:08:27 | 001,594,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.15 23:21:53 | 053,730,611 | ---- | C] () -- C:\Users\Proske\MOV00409.MPG [2011.12.15 23:21:53 | 000,001,567 | ---- | C] () -- C:\Users\Proske\MOV00409.THM [color=#E56717]========== ZeroAccess Check ==========[/color] [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014.07.17 07:42:50 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\Azureus [2014.02.28 00:00:20 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\Battle.net [2012.12.08 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\DeepBurner [2012.06.20 16:02:10 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\FinalMediaPlayer [2012.04.18 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\IrfanView [2014.03.25 01:55:45 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\LolClient [2011.11.08 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\OpenOffice.org [2013.07.30 22:36:57 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\Origin [2013.08.14 18:54:05 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\player [2014.03.25 00:19:01 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\Riot Games [2013.09.12 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\The Creative Assembly [2014.07.22 01:43:02 | 000,000,000 | ---D | M] -- C:\Users\Proske\AppData\Roaming\TS3Client [color=#E56717]========== Purity Check ==========[/color] 
[color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] [2011.10.14 12:26:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.14 12:26:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.14 12:29:05 | 000,000,000 | ---D | M] -- C:\Intel [2011.10.14 12:44:15 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2014.06.09 17:59:22 | 000,000,000 | R--D | M] -- C:\Program Files [2014.07.19 23:33:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2014.07.16 21:46:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.14 12:26:03 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.14 12:33:48 | 000,000,000 | ---D | M] -- C:\RaidTool [2011.10.14 12:26:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2014.07.25 20:33:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.19 22:04:32 | 000,000,000 | ---D | M] -- C:\temp [2013.12.19 01:17:58 | 000,000,000 | R--D | M] -- C:\Users [2014.07.19 21:33:37 | 000,000,000 | ---D | M] -- C:\Windows [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] [color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- 
C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2014.05.12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe [2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe [2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] < End of report > OTL Extras logfile created on: 25.07.2014 20:15:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proske\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17207) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,80 Gb Available Physical Memory | 86,37% Memory free 31,95 Gb 
Paging File | 29,63 Gb Available in Paging File | 92,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 47,61 Gb Free Space | 23,81% Space Free | Partition Type: NTFS Drive D: | 731,41 Gb Total Space | 513,05 Gb Free Space | 70,15% Space Free | Partition Type: NTFS Drive F: | 3,72 Gb Total Space | 2,57 Gb Free Space | 68,99% Space Free | Partition Type: FAT32 Computer Name: THERISINGDOOM | User Name: Proske | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B8AE7A2-2495-4A86-92E6-FC1A4F6C24CF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{46B36F0A-962A-4FC8-9459-8655A4C07F86}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{5892DC0E-B3BA-4DED-894D-9EAB25142B5F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{58FBA10F-C7BB-4F53-AA4F-B55C7971F5F9}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{740CADE6-54FF-4EF5-ADEA-1D47BAEBAD3E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{84181D26-E5C2-418D-A915-2EF1CD9C5737}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{89E67696-BEDF-482E-BEFC-0F6EF10281D6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{9179DDBE-BF30-4EF5-8AB9-389D0A008D71}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{9CB4B53D-103E-4766-9605-8995C2F8B601}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{D809763F-8D2D-46FB-9974-19AF83D82D4C}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{034682DD-3E13-4548-9E12-4F09E3CEA017}" = protocol=17 | dir=in | app=e:\o2cd.exe | "{079AF5DB-0849-4307-92E8-EFF61B2DCC38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | "{0C1B9F0F-9C92-49C9-8813-EFF3211E71A1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | "{0FBE63C3-3A29-411D-80F6-B702F83329C2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{10E4F60E-1CDA-448E-80FC-9AAF77B4656E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{16555D9E-0317-44AE-9BC8-FC24762C2DBD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{165D4E1E-54DA-4106-B3DC-9C3231611C41}" = protocol=6 | dir=in | app=d:\program files (x86)\teamviewer\version9\teamviewer.exe | "{1668E2AC-C45F-4C51-A8CA-19134004EBB5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{171E234B-E4B4-437C-BCCC-1BF3101632E9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{1A9A3AEC-7144-4755-B628-7E238285952E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{1D1F7F5E-E934-450B-8D27-6334C924719B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1E58AD13-2AB3-46B4-83CC-F7D130F706EA}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{1EB8E3D2-F2EC-4772-A448-946C364F8E0C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | "{28D617AB-B82B-484F-9EC0-54533570BD35}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{2A15082C-F3C2-4939-B900-036B3746DE49}" = protocol=17 | dir=in | app=d:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{2AC6A8DF-A2E9-4D70-BB69-6AA872676F3D}" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 4\bf4_x86.exe | "{2EFC3AA1-07D9-4305-910D-8CC7D67E4835}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{300E48FB-894C-46E3-97A0-6EA3E5320D1A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{3094987B-B58C-4AE0-B5AE-7868E2E4AAAD}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{31A09D73-F57F-45CD-9D36-87FC0EE05534}" = protocol=6 | dir=in | app=d:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{331D514F-6FBA-43A8-B7F5-8B575693A610}" = 
protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{3B097337-EE52-4A1E-AF23-E56DCB04C534}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{3C68EA79-9960-46E1-8444-0FDAF2ACB4ED}" = protocol=17 | dir=in | app=d:\program files (x86)\teamviewer\version9\teamviewer.exe | "{3D9D3DBF-830F-4B1D-8191-34C1B4521906}" = protocol=6 | dir=in | app=e:\o2cd.exe | "{3E8172E9-99BA-4560-AA71-C295415A1DA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4ABBE6FD-45F5-470B-A79F-B0EBD2C66BDD}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{4C49F74B-40B1-460F-82D5-2B02E93A0E4F}" = protocol=17 | dir=in | app=d:\program files (x86)\titanfall\titanfall.exe | "{4CF84555-8C07-42F5-B20A-761E138236E1}" = protocol=17 | dir=in | app=d:\program files (x86)\battle.net\battle.net.exe | "{4D30AB91-7BB1-4AFC-BE73-B2ECB70D3B49}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{580B6316-3234-4487-AC8E-7A31722DDEE9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{599A152A-2124-40FC-911E-C878275B338D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | "{59A7CC6B-028B-4893-A241-046F62B800A9}" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 4\bf4.exe | "{5BD11437-D032-442D-83AE-D09A76C5279C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{5BD3790C-3F3F-415C-BFBC-6F94D639A620}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{61304A69-757D-4FBE-8599-ABB7FEFE066A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6380CC27-8639-451F-B77B-C1642D14CA48}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{657952C0-C9FA-4B3A-BEFE-1B509AF26C9F}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{6739C04F-4048-4471-8A14-E5390DF59F7D}" = protocol=6 | dir=in | app=d:\program files (x86)\titanfall\titanfall.exe | "{68B214A6-E4A3-4184-B80C-61E6C8BDA00E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6B625288-E140-4878-847F-BA63D6308021}" = protocol=6 | dir=in | app=d:\program files (x86)\nero\km\kwikmedia.exe | "{6CEA5927-17AF-4B79-A154-5E256F8446EB}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{6E4FDDA8-916A-4ABA-B22E-9D903258880F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{72C33622-4CE3-4F04-B897-53CAAE00EDC2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{768E874A-077D-460C-8F5C-8EFF2DC6DEB6}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "{785A2F4B-0277-4736-AEDD-454496C68DA5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{7BBDC104-C2B8-4D9E-8836-D24A2DF7BBBA}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{7D644739-FC71-4066-8E66-DE23B3B4C244}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{7ECC8593-9358-4977-A1DA-16A66CCDCD39}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{7FBC0B3E-3D5D-4723-9BBC-4F06A9146D79}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | "{82355CDA-4756-43C2-8D28-119E97859030}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{88B2D972-E90D-4549-9EBA-BDD39CA8BA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "{88B63E2B-F27F-4F19-8284-E2F754CBD84E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{90ED336C-5D7A-454D-AF3F-B80CE41BF589}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.2787\agent.exe | "{91A8AC4C-57C6-44C6-919F-229641F8C5FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{9216F531-9119-4C2D-B71B-3BE09E9E5899}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{928CA2F1-F97C-4635-9C10-39502B9415F4}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{94B2A658-52E1-4E5A-96B7-0F93F7187B5B}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{951504B3-DC50-4622-92C1-F032B3726BA3}" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 4\bf4.exe | "{96579421-1FD2-4C6B-9066-D70CA8479D8D}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe | "{9AD548B7-3ACF-4333-8214-79A76A1B04E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | "{9BD7FDB2-BB24-423E-8944-E3CBECDA1EEB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{A6A13AFB-BB19-4361-9F6B-BB28EA43CCB7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{AA503620-DC84-4082-B812-639746FE1DE6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | "{AB8D2C49-F03F-4210-A802-DA0E0B40DCE3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | "{ABBAED02-8821-4E7B-AD3F-F3C83797D245}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | "{ACF28EF5-5430-4BE9-BF53-141195E230FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | "{AFA77C91-5134-4408-9016-C8B57A10BDA3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AFBA6CB6-B214-4DFE-9662-C9F5845AA1A1}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | "{AFCF886D-C169-4E67-B1C4-FE4C0D03E6C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B02C8474-E72E-44E1-B02C-9A97BB87B5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{B0E5FF72-E3F0-48B0-868F-C6A8BCCF2152}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{B125A974-5D80-4634-8B1A-09D94B5E5868}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B8AFC9FA-C311-4DF4-8ED2-D5BDCB7527B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | "{BA0C25ED-B215-4B8A-ACCC-16FED040E289}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BA2ECDB6-E653-402E-857C-EC054705DF6A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BBFDE33F-2CDB-4B1B-B9C2-C74EF197FBFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{BEEA69DF-2EC2-415C-B85B-EF42B17BCF9D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C01F72C8-3A52-4FD5-94D7-1581F4F00092}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe | "{C16F940A-47E0-4A8C-AC6B-578CB40A1670}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{C354488B-8042-40F3-B78C-2ABD1494EC9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{C499A459-07A3-4155-BA5D-CF89B3D3054B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{C5D3909B-D94E-475C-85C2-07750AA32160}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{C6F8F90E-6D56-44A8-BA07-5EC95889990E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | "{C89B23BE-33BC-4327-B695-711CAE4C46A3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{CD852694-0B08-4994-B105-B112DA258C67}" = 
protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{CD8570AC-F037-47BC-A083-065F37B65E70}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CE65FAC7-4986-4D3F-9A34-4591D70CAB9E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | "{CEAA6E4C-7489-43AA-980E-07D5FF597A20}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{D4C16CF9-F65E-49A9-A2C7-739461C082FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D7519C2B-8E85-4DB3-8B2D-B1E403BED00C}" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 4\bf4_x86.exe | "{D76B9D17-B044-422F-937B-FDC01512C57A}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "{D7A5D55E-38F9-4E30-A9AF-AB302A3B5DE6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{D8057C41-A269-43FA-9ADA-D66BA35FD1BD}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{DB43DBA4-53C3-4F7E-94C6-92689F708CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{E18C4DBF-A2CE-48D7-B3C6-ABB288864B46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | "{E3D8E5F2-B3F5-4625-A26D-4A1FBD48AFE3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E52244FB-2366-4DA6-A1A1-D3C76880D0A2}" = protocol=17 | dir=in | app=d:\program files (x86)\nero\km\kwikmedia.exe | "{E56C02D0-C280-4576-B166-85D90D3D3425}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe | "{E6962E75-864E-4711-B051-7E1ED9181D1A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{F6901CCD-784D-4306-9A01-95DC01112D8A}" = protocol=6 | dir=in | 
app=d:\program files (x86)\battle.net\battle.net.exe | "{F7AA99CF-4DCD-47E9-A927-6A5D500A1D30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | "{FCE849D4-9CE6-4A1C-9DE0-1B2A7ACE8E8F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FEC5D1FE-FB20-420C-9FF8-B67C8722A5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{0202E2BD-2134-4895-BFB3-056FC1F7B064}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "TCP Query User{17C04A4E-9D6C-4C2B-8F9B-0D39D384E404}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{2DE7F2AB-44B2-4CCA-8467-26B9E0992C97}C:\users\proske\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\proske\downloads\starcraft_2_eu_de-de.exe | "TCP Query User{37D4EF93-BE22-459C-89F4-C8012EFCEA51}C:\users\proske\downloads\starcraft_2_eu_de-de(1).exe" = protocol=6 | dir=in | app=c:\users\proske\downloads\starcraft_2_eu_de-de(1).exe | "TCP Query User{4C5AF33D-0BE0-4CA5-9316-36592A799CCB}D:\program files (x86)\titanfall\titanfall.exe" = protocol=6 | dir=in | app=d:\program files (x86)\titanfall\titanfall.exe | "TCP Query User{553C0A27-FCB9-473C-866D-B48E6164B032}D:\starcraft ii\versions\base28667\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base28667\sc2.exe | "TCP Query User{634C4747-4FB8-4CEB-BD18-E85D99BDDFDC}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{66AB2B4B-C9C7-4D6A-8253-E316FE83930C}D:\starcraft ii\versions\base26490\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base26490\sc2.exe | "TCP Query User{8539A976-C29A-4E5D-9721-0D3DFA80F2FC}C:\users\proske\downloads\diablo-iii-setup-dede.exe" = 
protocol=6 | dir=in | app=c:\users\proske\downloads\diablo-iii-setup-dede.exe | "TCP Query User{93AF270A-F085-4072-93FA-FEBF42B04030}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe | "TCP Query User{9443B195-0BFC-4816-9040-DE3AA7DA7706}C:\users\proske\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\proske\appdata\local\temp\gw2.exe | "TCP Query User{97152A48-D5F7-4920-ACFE-BF848CA4787F}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "TCP Query User{9872360F-A917-4FDB-96F8-D799AFE269D2}D:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{C380CF1E-E2DE-4709-A0F7-8236B5099679}D:\program files (x86)\battlefield 4\bf4.exe" = protocol=6 | dir=in | app=d:\program files (x86)\battlefield 4\bf4.exe | "TCP Query User{CBA666D4-7683-4BC6-A9D2-BCEE1623F4CE}C:\program files (x86)\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe | "TCP Query User{D1E93B10-ED4E-4AF7-82A7-C2C00A58A301}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{E1A86B88-C42F-4362-B1D3-48F20A2D70E5}G:\programme\azureus\azureus.exe" = protocol=6 | dir=in | app=g:\programme\azureus\azureus.exe | "TCP Query User{F13D88F2-D4C9-4DA1-9768-E70461DA41CD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{0430124B-6425-4E23-B051-B5302B595DA0}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 
3\bf3.exe | "UDP Query User{1C0297A8-0F15-45B8-9382-C8775EFEFCD1}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{219ADF9F-314E-402F-A449-F772FFB9C665}C:\program files (x86)\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield bad company 2 digital deluxe edition\bfbc2game.exe | "UDP Query User{2206F223-C5D3-4215-B320-CCB0D4C307A4}D:\program files (x86)\battlefield 4\bf4.exe" = protocol=17 | dir=in | app=d:\program files (x86)\battlefield 4\bf4.exe | "UDP Query User{3B812294-F1A7-4EE3-802A-CF2C750F54B2}D:\starcraft ii\versions\base28667\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base28667\sc2.exe | "UDP Query User{4668C073-A2D2-4B27-BB98-00BB8C101C59}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe | "UDP Query User{473095BF-BD08-41B9-8282-9E80BECF9B16}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{544346F4-B519-44EC-80FA-E1A5DF2A7171}D:\program files (x86)\titanfall\titanfall.exe" = protocol=17 | dir=in | app=d:\program files (x86)\titanfall\titanfall.exe | "UDP Query User{827B7F0B-C958-4F76-B770-08AA6763AF71}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{8B20F4D3-A833-47C5-A0C6-A666ED7B871F}G:\programme\azureus\azureus.exe" = protocol=17 | dir=in | app=g:\programme\azureus\azureus.exe | "UDP Query User{96112995-F5AC-4BF8-8F07-297B0B5EF3C5}C:\users\proske\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\proske\appdata\local\temp\gw2.exe | "UDP Query 
User{B23B6241-C68A-40AC-ACB9-E86040217BC4}C:\users\proske\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\proske\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{B7D22611-A273-4DD0-AB40-3867F91BEB1D}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"UDP Query User{D3F7BB84-EACB-4993-8F03-47C37DDFF551}D:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{E1BE8025-B560-4407-8E2B-3AB9B9A3D2AF}D:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{E74CB8F0-8EAB-4720-B93A-9985AC9A3E1A}C:\users\proske\downloads\starcraft_2_eu_de-de(1).exe" = protocol=17 | dir=in | app=c:\users\proske\downloads\starcraft_2_eu_de-de(1).exe |
"UDP Query User{F47A17DC-49B2-47C7-8FA9-45D1530565FE}D:\starcraft ii\versions\base26490\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base26490\sc2.exe |
"UDP Query User{F6C16AFA-ACF3-41A1-B4E5-0B7AF29A5889}C:\users\proske\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\proske\downloads\diablo-iii-setup-dede.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DD57CC22-8864-4CCA-94D4-600D024C1207}" = FRITZ!Fernzugang
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2981DA65-BD02-4DCC-9D64-C8E325AE6B9B}" = Nero Kwik Media
"{347EE0C3-0690-48F6-A231-53853C2A80D6}" = Titanfall™
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Avira SearchFree Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = LevelOne LevelOne WNC-0601 Wireless LAN Card
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.10) - Deutsch
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"DMUninstaller" = DMUninstaller
"FinalMediaPlayer_is1" = Final Media Player 2011
"Guild Wars 2" = Guild Wars 2
"Hearthstone" = Hearthstone
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"IrfanView" = IrfanView (remove only)
"League of Legends 3.0.1" = League of Legends
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SearchProtect" = Search Protect
"StarCraft II" = StarCraft II
"Steam App 203140" = Hitman: Absolution
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 214950" = Total War: ROME II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 9" = TeamViewer 9
"Trusted Software Assistant_is1" = File Type Assistant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 30.0 (x86 de)" = Mozilla Firefox 30.0 (x86 de)
========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.07.2014 13:56:19 | Computer Name = TheRisingDoom | Source = WinMgmt | ID = 10
Description =

Error - 23.07.2014 18:10:09 | Computer Name = TheRisingDoom | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2014 01:26:16 | Computer Name = TheRisingDoom | Source = WinMgmt | ID = 10
Description =

Error - 24.07.2014 01:39:58 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.07.2014 01:39:58 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9984

Error - 24.07.2014 01:39:58 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9984

Error - 24.07.2014 13:32:01 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.07.2014 13:32:01 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9985

Error - 24.07.2014 13:32:01 | Computer Name = TheRisingDoom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9985

Error - 25.07.2014 11:38:48 | Computer Name = TheRisingDoom | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 19.07.2014 17:12:58 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:12:59 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 19.07.2014 17:36:53 | Computer Name = TheRisingDoom | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 21.07.2014 12:35:03 | Computer Name = TheRisingDoom | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error - 22.07.2014 03:35:59 | Computer Name = TheRisingDoom | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

< End of report >

This post was edited on 26.07.2014 at 09:42 by alleshab.
|
|
|
||
26.07.2014, 20:16
Member
Posts: 4730 |
#4
You have the Ask.com adware on your system (it probably came onto your PC with Avira or Nero), and a few of your programs are outdated (e.g. Java, Firefox, OpenOffice). Otherwise everything looks fine.
__________ This is a signature! Personal service: You're from Berlin? Then send me a PM and we may be able to arrange an appointment. Der Grabsteinschubser |
|
|
||
26.07.2014, 22:22
Member
Thread starter Posts: 35 |
#5
Something else I noticed, and I don't know whether I'm just imagining it lately: I often leave my PC in sleep mode, and every time I put it to sleep it now seems to make a noise through the sound output. I never noticed that before??
Here are the various scans as well. As I said, I have also moved quite a few things into quarantine; what should I do with them? And how do I get rid of the adware? Reinstalling the programs presumably won't fix it?

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 19.07.2014 08:43:23, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 08:43:23, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 08:43:23, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 08:43:24, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Update, 19.07.2014 08:43:34, SYSTEM, THERISINGDOOM, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 19.07.2014 08:44:03, SYSTEM, THERISINGDOOM, Manual, Malware Database, 2014.3.4.9, 2014.7.19.2,
Protection, 19.07.2014 08:44:04, SYSTEM, THERISINGDOOM, Protection, Refresh, Starting,
Protection, 19.07.2014 08:44:04, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopping,
Protection, 19.07.2014 08:44:04, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopped,
Protection, 19.07.2014 08:44:09, SYSTEM, THERISINGDOOM, Protection, Refresh, Success,
Protection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Detection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Quarantine, [cd7caa55e4961026a78eafd9b1515fa1]
Detection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [cf7a9e61e19900369d983355f2108b75]
Detection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Quarantine, [3910cb3498e25adc83b289ffee1425db]
Protection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Error, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Protection, 19.07.2014 08:44:44, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Detection, 19.07.2014 08:45:29, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84]
Protection, 19.07.2014 08:45:29, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Error, 19.07.2014 08:45:29, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Detection, 19.07.2014 08:46:09, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84]
Protection, 19.07.2014 08:46:09, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Error, 19.07.2014 08:46:09, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe,
Detection, 19.07.2014 08:46:29, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64]
Protection, 19.07.2014 08:46:29, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe,
Error, 19.07.2014 08:46:29, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 08:47:09, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 08:47:09, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 08:47:09, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 08:47:13, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 08:47:13, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 08:47:13, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 08:47:53, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Detection, 19.07.2014 08:57:01, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 08:57:01, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 08:57:01, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files 
(x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 08:57:41, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 08:57:41, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 08:57:41, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 08:57:42, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 08:57:42, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 08:57:42, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 08:57:44, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 08:57:44, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 08:57:44, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 08:58:21, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 08:58:21, SYSTEM, THERISINGDOOM, 
Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 08:58:21, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 08:58:22, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 08:58:22, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 08:58:22, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 08:58:46, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 08:58:46, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 08:58:46, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 09:07:20, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:07:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:07:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program 
Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Protection, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:08:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:08:40, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:08:40, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:08:40, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 09:09:13, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:09:14, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:09:14, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files 
(x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:09:53, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Protection, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:09:54, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, 
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Protection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:10:34, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 09:10:59, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:11:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:11:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:11:40, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:11:40, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:11:40, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Protection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Protection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:12:20, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, 
Detection, 19.07.2014 09:13:00, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Detection, 19.07.2014 09:13:00, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, Quarantine, [ff5f71306318c0761034fd977f824fb1] Protection, 19.07.2014 09:13:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:13:00, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:14:02, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:14:02, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:14:02, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Detection, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, 
SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Protection, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:14:42, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:15:15, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, Quarantine, [0e509e0392e93303d074751fc23f8c74] Detection, 19.07.2014 09:15:22, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:15:22, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:15:22, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:15:22, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, Quarantine, [0a54b8e917646cca9ba92d6730d17789] Detection, 19.07.2014 09:15:55, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:15:55, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:15:55, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 
09:15:59, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Users\Proske\AppData\Local\Temp\SPSetup.exe, Quarantine, [7be341600e6dfe3886be8410738eac54] Detection, 19.07.2014 09:16:03, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:16:03, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:16:03, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:37:51, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:37:51, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:37:51, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:38:31, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:38:31, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:38:31, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:38:31, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files 
(x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:38:31, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:39:11, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:39:12, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:39:12, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:39:13, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:39:13, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:39:13, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program 
files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Protection, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:39:53, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:40:33, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:40:33, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:40:33, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:40:35, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:40:35, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:40:35, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files 
(x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Protection, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:41:15, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:41:55, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:41:56, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:41:56, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Detection, 19.07.2014 09:41:58, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:41:58, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:41:58, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4] Detection, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, 
Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Error, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Protection, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Error, 19.07.2014 09:42:38, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Detection, 19.07.2014 09:43:18, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantine, [adb1cbd6d1aa0f2772d2eda701007c84] Protection, 19.07.2014 09:43:18, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Error, 19.07.2014 09:43:18, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Detection, 19.07.2014 09:43:20, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64] Protection, 19.07.2014 09:43:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Error, 19.07.2014 09:43:20, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Detection, 19.07.2014 09:44:00, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db] Protection, 19.07.2014 
09:44:00, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll,
Error, 19.07.2014 09:44:00, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll,
Detection, 19.07.2014 09:50:56, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantine, [c599812098e338fe103434602fd29c64]
Protection, 19.07.2014 09:50:56, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe,
Error, 19.07.2014 09:50:56, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe,
Detection, 19.07.2014 20:56:17, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [96c8cdd4295296a02024940027da1ce4]
Protection, 19.07.2014 20:56:17, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe,
Error, 19.07.2014 20:56:17, SYSTEM, THERISINGDOOM, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe,
Detection, 19.07.2014 20:57:02, Proske, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Users\Proske\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantine, [69f50d94cbb0a98d6b5615a3f9090af6]
Detection, 19.07.2014 20:57:06, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll, Quarantine, [9bc399080e6ded4974d0355fa75a25db]
Protection, 19.07.2014 20:57:06, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll,
Error, 19.07.2014 20:57:06, SYSTEM, THERISINGDOOM, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\searchprotect\searchprotect\bin\spvc32.dll,
Detection, 19.07.2014 20:57:26, Proske, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Users\Proske\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantine, [025c71302457e25418a9bbfd26dcaf51]
Protection, 19.07.2014 21:17:46, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 21:17:46, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 21:17:46, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Detection, 19.07.2014 21:17:51, SYSTEM, THERISINGDOOM, Protection, Malware Protection, File, PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Quarantine, [71edd5ccabd02e083a0ae3b1fd0432ce]
Protection, 19.07.2014 21:20:15, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Protection, 19.07.2014 21:22:49, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 21:22:49, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 21:22:50, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 21:23:15, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Protection, 19.07.2014 21:26:16, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 21:26:16, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 21:26:16, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 21:27:46, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Protection, 19.07.2014 21:29:58, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 21:29:58, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 21:29:58, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 21:31:55, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Protection, 19.07.2014 21:51:02, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 21:51:02, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 21:51:02, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 21:52:32, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Protection, 19.07.2014 21:54:56, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopping,
Protection, 19.07.2014 21:54:57, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopped,
Protection, 19.07.2014 21:54:57, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Stopping,
Protection, 19.07.2014 21:54:57, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Stopped,
Protection, 19.07.2014 23:34:54, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Starting,
Protection, 19.07.2014 23:34:55, SYSTEM, THERISINGDOOM, Protection, Malware Protection, Started,
Protection, 19.07.2014 23:34:55, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 23:35:39, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
Update, 19.07.2014 23:47:51, SYSTEM, THERISINGDOOM, Manual, Malware Database, 2014.7.19.2, 2014.7.19.8,
Protection, 19.07.2014 23:47:58, SYSTEM, THERISINGDOOM, Protection, Refresh, Starting,
Protection, 19.07.2014 23:47:58, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopping,
Protection, 19.07.2014 23:47:58, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Stopped,
Protection, 19.07.2014 23:48:01, SYSTEM, THERISINGDOOM, Protection, Refresh, Success,
Protection, 19.07.2014 23:48:01, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Starting,
Protection, 19.07.2014 23:48:01, SYSTEM, THERISINGDOOM, Protection, Malicious Website Protection, Started,
(end)

C:\$Recycle.Bin\S-1-5-21-2019897337-1326489766-2704048417-1000\$R13NVM5.exe Win32/DomaIQ.AG evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\Uninstaller\Uninstall.exe Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AJ9FV8J\spstub[1].exe Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\dfs9F29.tmp Variante von MSIL/DomaIQ.X evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\nsi29FE.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\nsn2C8E.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\nsn4D7A.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\nss4A3E.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\oNA1V2dQ.exe.part Win32/DomaIQ.AG evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\b1302e7d-cd4a-4491-9564-f31aad29582b\spidentifierimpl.exe Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\b1302e7d-cd4a-4491-9564-f31aad29582b\software\sp-downloader.exe Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\installer.exe Win32/DomaIQ.AG evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\Player_Setup.exe Variante von MSIL/DomaIQ.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\software\Addlyrics.exe Win32/DownWare.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\software\Desk365.exe Variante von Win32/ELEX.Q evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\software\OptimizerPro.exe Variante von Win32/SpeedingUpMyPC.B Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\DM\Player_Setup.exe\a896107152fe41c096cc6b72a98f0d89\software\Player_Setup.exe Win32/DomaIQ.M evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\AppData\Local\Temp\nscF43D\SpSetup.exe Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Proske\Downloads\New_player.exe Variante von Win32/DomaIQ.BF evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsc1410.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nshCA73.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nshF089.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsm1059.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsm28B9.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsoE272.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nst83E4.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsxE110.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsy5ED6.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\Temp\nsz12D6.exe Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 19. Juli 2014 00:58

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Proske
Computername : THERISINGDOOM

Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 03.07.2014 13:34:41
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 03.07.2014 13:34:41
LUKE.DLL : 14.0.5.336 57936 Bytes 03.07.2014 13:34:52
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 03.07.2014 13:34:41
AVREG.DLL : 14.0.5.356 261200 Bytes 03.07.2014 13:34:40
avlode.dll : 14.0.5.396 588368 Bytes 03.07.2014 13:34:39
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 14:54:08
Engineversion : 8.3.20.34
AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 15:15:44
AESCRIPT.DLL : 8.1.4.220 532680 Bytes 11.07.2014 17:19:17
AESCN.DLL : 8.3.1.2 135360 Bytes 29.05.2014 05:31:44
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 00:30:20
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 14:50:27
AEPACK.DLL : 8.4.0.42 786632 Bytes 02.07.2014 20:02:10
AEOFFICE.DLL : 8.3.0.10 209096 Bytes 11.07.2014 17:19:17
AEHEUR.DLL : 8.1.4.1160 7229640 Bytes 11.07.2014 17:19:17
AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 05:31:41
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 16:54:51
AEEXP.DLL : 8.4.2.6 237760 Bytes 27.06.2014 21:32:33
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 22:30:06
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 20:06:05
AECORE.DLL : 8.3.1.4 241864 Bytes 06.06.2014 16:54:51
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 16:46:33
AVWINLL.DLL : 14.0.5.320 24144 Bytes 03.07.2014 13:34:36
AVPREF.DLL : 14.0.5.320 50256 Bytes 03.07.2014 13:34:39
AVREP.DLL : 14.0.5.320 219216 Bytes 03.07.2014 13:34:40
AVARKT.DLL : 14.0.5.368 226384 Bytes 03.07.2014 13:34:36
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 03.07.2014 13:34:38
SQLITE3.DLL : 14.0.5.320 452176 Bytes 03.07.2014 13:34:56
AVSMTP.DLL : 14.0.5.320 76368 Bytes 03.07.2014 13:34:42
NETNT.DLL : 14.0.5.320 13392 Bytes 03.07.2014 13:34:53
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 03.07.2014 13:34:36
RCTEXT.DLL : 14.0.5.322 73808 Bytes 03.07.2014 13:34:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: D:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,

Beginn des Suchlaufs: Samstag, 19. Juli 2014 00:58

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '171' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '195' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmike.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'BFNService.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'AthBtTray.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'certsrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'IProsetMonitor.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvBackend.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIBEE.EXE' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvNetworkService.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'KillerNetManager.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'nwtsrv.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'tv_w32.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'tv_x64.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'Origin.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1715' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Proske\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A17XW2PI\eGdpSvc[1].exe
  [FUND] Ist das Trojanische Pferd TR/Wysotot.Gen
[0] Archivtyp: Runtime Packed
--> C:\$Recycle.Bin\S-1-5-21-2019897337-1326489766-2704048417-1000\$RAZQ0HA.exe
[1] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
[2] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
[3] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
[4] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
[5] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
[6] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
[7] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
[8] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
[9] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
[10] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
[11] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
[12] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
[13] Archivtyp: Runtime Packed
--> C:\Users\Proske\AppData\Local\Temp\LyricsMonkey_1060-1053_v120.exe
[14] Archivtyp: NSIS
--> ProgramFilesDir/126.dll
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> ProgramFilesDir/LyrMonkeyUpd.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Proske\AppData\Local\Temp\LyricsMonkey_1060-1053_v120.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
--> C:\Users\Proske\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3edfa214-51966613
[14] Archivtyp: ZIP
--> Guvijb.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.A.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> udevi.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.JT.3
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> WwBghYvMY.class
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.D.Gen
  [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Proske\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3edfa214-51966613
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.D.Gen
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Proske\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3edfa214-51966613
  [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Rafold.D.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51a0a0e6.qua' verschoben!
C:\Users\Proske\AppData\Local\Temp\LyricsMonkey_1060-1053_v120.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49258f55.qua' verschoben! C:\Users\Proske\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A17XW2PI\eGdpSvc[1].exe [FUND] Ist das Trojanische Pferd TR/Wysotot.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b68d58b.qua' verschoben! Ende des Suchlaufs: Samstag, 19. Juli 2014 08:21 Benötigte Zeit: 1:29:14 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 49157 Verzeichnisse wurden überprüft 1329418 Dateien wurden geprüft 8 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 3 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1329410 Dateien ohne Befall 13623 Archive wurden durchsucht 5 Warnungen 3 Hinweise 766534 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden
This post was edited by alleshab on 27.07.2014 at 00:31.
|
|
|
||
29.07.2014, 11:15
Member
Posts: 4730 |
#6
Quote: alleshab posted
That is normal.
Quote: "as I said, I've moved quite a few more things into quarantine, what should I do with them?"
Delete them or leave them in quarantine... it doesn't matter.
Quote: "and how do I get rid of the adware?"
You should be able to uninstall Ask.com via Control Panel - Programs and Features. If you have an outdated version of Avira, the protection may then no longer work completely (because Avira was bundled with Ask.com for a while, so upgrade Avira to the current version). If it came in with Nero, then it has no effect. With Nero you can choose at the start of the installation whether Ask.com should be installed. Possibly you only get this choice if you do a custom installation. No idea, I have kept my hands off Nero for many years (because of the adware/spyware and because there are better programs). But it could also have been some other "freeware" program that brought Ask.com along. Some programs are offered free of charge because they are bundled with adware/spyware of this kind, for which the developer receives a commission per installation.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, we may be able to arrange an appointment. Der Grabsteinschubser |
|
|
||
30.07.2014, 01:06
Member
Thread starter Posts: 35 |
#7
OK, thanks for looking it over and for the work involved!
I'll see whether it helps. Nasty business with the commission... if only one knew what they are spying on this time... So all in all I probably didn't do much wrong with Malwarebytes and ESET??? |
|
|
||
30.07.2014, 10:57
Member
Posts: 4730 |
#8
No, everything is OK.
Ask.com doesn't really spy on you. Basically, Ask.com is a search engine (according to Wikipedia the fourth largest in the USA). A toolbar is installed in your browsers and the default search engine may be replaced by Ask.com. The search results are rather modest, though, and at least on the first result pages they are limited to commercial providers who pay ask.com for it. When you search via ask.com, your search behaviour and accordingly also your browsing behaviour is recorded and monetised (that is, analysed, and advertising tailored to your personal preferences is displayed). It is largely harmless (apart from data privacy). In the past, however, the software sometimes also lodged itself so deeply in the system that sometimes only reinstalling the operating system helped to get rid of the junk. In the meantime, my experience has been that the uninstallation is simpler and clean.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, we may be able to arrange an appointment. Der Grabsteinschubser |
|
|
||
04.08.2014, 21:45
Member
Thread starter Posts: 35 |
#9
As I said, thanks again! I uninstalled it and noticed that Java drags it in if you don't pay attention and remove the checkmark during installation. After uninstalling, I also noticed right away that there is a lot less advertising in the browser.
|
|
|
||
I ran AntiVir and immediately got several detections, which I have moved to quarantine for now. However, I wasn't sure what to do with them now?! Deleting isn't always such a good idea?
Unfortunately I only saw this here too late, so I have already acted a bit on my own.
I had Malwarebytes scan in safe mode and moved files to quarantine there as well.
Afterwards I also used the ESET Online Scanner and moved files to quarantine, and some were deleted by ESET itself.
The reason I went overboard with all this scanning was really just that I constantly get annoying pop-ups despite Firefox's pop-up blocker, the Java update no longer worked, and my computer sometimes shuts down unexpectedly in standby mode, after which I have to choose how it should start.
I hope I haven't broken too much already for you to still be able to help me?!?
I have just downloaded OTL.exe.
Here is an excerpt of the detections:
PUP.Optional.SearchProtect.A
PUP.Optional.FrostwireTB.A
EXP/JAVA.Rafold.D.Gen
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.JT.3
[FUND] Ist das Trojanische Pferd TR/Wysotot.Gen
MSIL/DomaIQ.A
Variante von Win32/Conduit.SearchProtect.I
Variante von Win32/ClientConnect.A
If you can make sense of them, I would of course provide the scan reports if needed and bare it all, but I'll wait for your answer first because of my foolish acting on my own...
Best regards