Pests of all kinds and how to combat them: System Restore, Spyhunter 4 (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
05.11.2011, 08:14 | #1 |
| System Restore, Spyhunter 4 Hello to start with. About a year ago I had an onslaught of Trojans on my old laptop, and this forum helped me enormously back then; I hope that this time, too, my PC can be saved from my stupidity. A good hour ago my computer was attacked by System Restore (and probably an army of other viruses and Trojans). Clever as I am, I relied on the first entry that came up on Google, booted into safe mode, which I am still in, and like a dumb calf installed Spyhunter 4, applause, applause. I think it should now be clear to all readers that I know absolutely nothing about computers and urgently need help! Thanks in advance for quick advice and help, Sock. |
05.11.2011, 16:05 | #2 |
/// Malware-holic | System Restore, Spyhunter 4 hi
Please download OTL by Oldtimer and save it to your desktop (if you don't already have it) |
05.11.2011, 19:26 | #3 |
| System Restore, Spyhunter 4 Important: I ran Malwarebytes a few hours ago to remove the worst of it
OTL.txt
OTL logfile:
ATTFilter OTL logfile created on: 05.11.2011 18:15:20 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tobia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 56,50% Memory free 11,96 Gb Paging File | 8,36 Gb Available in Paging File | 69,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1383,98 Gb Total Space | 1119,30 Gb Free Space | 80,88% Space Free | Partition Type: NTFS Drive D: | 6,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GRANJA | User Name: Tobia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobia\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Users\Tobia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) 
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) ========== Modules (No Company Name) ========== MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Origin\codecs\qtwcodecs4.dll () MOD - C:\Program Files (x86)\Origin\codecs\qkrcodecs4.dll () MOD - C:\Program Files (x86)\Origin\codecs\qjpcodecs4.dll () MOD - C:\Program Files (x86)\Origin\codecs\qcncodecs4.dll () MOD - C:\Program Files (x86)\Origin\phonon4.dll () MOD - C:\Program Files (x86)\Origin\QtXml4.dll () MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll () MOD - C:\Program Files (x86)\Origin\QtGui4.dll () MOD - C:\Program Files (x86)\Origin\QtCore4.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1e861a038748c6e821a1790d87618af5\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll () MOD - 
C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll () MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) 
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.) SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) 
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B7f7677de-d826-4d99-9aa3-901caea01735%7D&mid=4ff039fe398247d1af9aa9628d5797ae-42211e9fcf606e94e2734303762b34456d3929b2&ds=AVG&v=8.0.0.40&lang=de&pr=pr&d=2011-11-05%2008%3A31%3A09&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tobia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.10.14 15:11:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011.11.05 08:31:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 22:04:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.01 17:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobia\AppData\Roaming\Mozilla\Extensions [2011.11.05 08:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\7tyf4vqm.default\extensions [2011.11.05 08:31:17 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\7tyf4vqm.default\extensions\avg@toolbar [2011.11.05 08:07:58 | 000,003,847 | ---- | M] () -- C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\7tyf4vqm.default\searchplugins\avg-secure-search.xml [2011.09.07 17:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\mozilla firefox\extensions [2011.10.15 16:06:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.09.07 17:46:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.11.05 08:31:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2011.10.14 15:11:35 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE [2011.10.01 22:04:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.08.30 21:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.30 21:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.30 21:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.30 21:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.30 21:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.30 21:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: Click to call with Skype = C:\Users\Tobia\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20111014002903.dll (McAfee, Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111014002903.dll (McAfee, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) 
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [NCsoft] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908F7682-1C34-4FAA-9368-845FA6E0E712}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.14 23:52:49 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0164f276-ec70-11e0-a18b-782bcbb37e5d}\Shell - "" = AutoRun
O33 - MountPoints2\{0164f276-ec70-11e0-a18b-782bcbb37e5d}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8a79ab48-d224-11e0-9b9b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a79ab48-d224-11e0-9b9b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe -- [2009.09.22 15:02:07 | 001,668,472 | R--- | M] (Gearbox Software)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011.11.05 18:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.11.05 18:01:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tobia\Desktop\OTL.exe
[2011.11.05 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Documents\Vindictus EU
[2011.11.05 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2011.11.05 11:26:41 | 000,000,000 | ---D | C] -- C:\Download
[2011.11.05 11:26:12 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011.11.05 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{0E60EC53-4769-4D3A-9B03-17ADD8905C5A}
[2011.11.05 10:48:38 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{11A6A3D9-9558-492A-8207-F35B456D96D0}
[2011.11.05 10:40:24 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.11.05 10:37:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.05 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{E51E86BE-3B93-48E9-9AAD-CB4D96796927}
[2011.11.05 10:13:45 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{DEAE8809-E8C9-4B81-9159-D7B1464E3D18}
[2011.11.05 10:06:23 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\ElevatedDiagnostics
[2011.11.05 09:30:51 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Malwarebytes
[2011.11.05 09:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.05 09:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.05 09:30:43 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.05 09:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.05 08:31:39 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\AVG2012
[2011.11.05 08:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.11.05 08:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011.11.05 08:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011.11.05 08:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011.11.05 08:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011.11.05 08:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.11.05 08:30:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.11.05 08:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.11.05 08:29:46 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{7FBAA826-D1E0-428C-9645-53DBCB9965FC}
[2011.11.05 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{7B3A1DB0-A194-45FB-9A04-12012BB280D1}
[2011.11.05 08:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.11.05 08:23:54 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{4290D6FA-050C-4E6B-AE84-83CB94F2AF52}
[2011.11.05 08:13:17 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{78E29807-5314-4480-82D2-3AD05229C5C0}
[2011.11.05 08:12:56 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{52A9BB3B-CBF6-44C0-9D35-F5176037DBE9}
[2011.11.05 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011.11.05 07:40:53 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011.11.05 07:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011.11.05 07:39:27 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{A674C2E9-A8EE-452C-8D1B-C3DC530FAC35}
[2011.11.05 07:27:32 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{012534D9-51D2-40AE-AF88-4C2BEF524D9F}
[2011.11.05 07:27:21 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{DC6D0543-628F-4BD6-8461-713D8FD36DD0}
[2011.11.05 07:26:31 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.05 07:24:14 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{AE4E555F-1F29-47F6-8741-D1B8C575D1A3}
[2011.11.05 07:17:23 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Tobia\taskmgr.exe
[2011.11.05 00:41:07 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{20AEBADD-A081-4AA6-8067-8C78F940E3E1}
[2011.11.05 00:40:42 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{E6E5F755-4114-47E3-9D44-DEDAB97A2CC2}
[2011.11.03 12:39:36 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\SCE
[2011.11.03 12:34:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011.11.03 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{B4191C43-3E24-45A0-B73D-6CBE5367ECE4}
[2011.11.03 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{B090C297-7210-42DB-A22F-3753BE6C9CD4}
[2011.11.02 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Foxit Software
[2011.11.02 20:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2011.11.02 20:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011.11.02 18:13:55 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011.11.02 18:13:55 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011.11.02 18:13:55 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011.11.02 18:13:55 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011.11.02 18:13:55 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011.11.02 18:13:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011.11.02 18:13:54 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011.11.02 18:13:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011.11.02 18:13:53 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011.11.02 18:13:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011.11.02 18:13:53 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011.11.02 18:13:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011.11.02 18:13:52 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011.11.02 18:13:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011.11.02 18:13:52 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011.11.02 18:13:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011.11.02 18:13:51 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011.11.02 18:13:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011.11.02 18:13:51 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011.11.02 18:13:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011.11.02 18:13:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011.11.02 18:13:50 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011.11.02 18:13:50 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011.11.02 18:13:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011.11.02 18:13:49 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011.11.02 18:13:49 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011.11.02 18:13:49 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011.11.02 18:13:48 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011.11.02 18:13:47 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011.11.02 18:13:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011.11.02 18:13:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011.11.02 18:13:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011.11.02 18:13:45 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011.11.02 18:13:44 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011.11.02 18:13:44 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011.11.02 18:13:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011.11.02 18:13:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011.11.02 18:13:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011.11.02 18:13:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011.11.02 18:13:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011.11.02 18:13:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011.11.02 18:13:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011.11.02 18:13:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011.11.02 18:13:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011.11.02 18:13:41 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011.11.02 18:13:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011.11.02 18:13:41 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011.11.02 18:13:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011.11.02 18:13:40 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011.11.02 18:13:39 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011.11.02 18:13:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011.11.02 18:13:39 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011.11.02 18:13:39 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011.11.02 18:13:39 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011.11.02 18:13:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011.11.02 18:13:39 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011.11.02 18:13:39 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011.11.02 18:13:38 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011.11.02 18:13:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011.11.02 18:13:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011.11.02 18:13:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011.11.02 18:13:38 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011.11.02 18:13:38 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011.11.02 18:13:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011.11.02 18:13:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.11.02 18:13:35 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011.11.02 18:13:35 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011.11.02 18:13:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011.11.02 18:13:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011.11.02 18:13:35 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011.11.02 18:13:35 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011.11.02 18:13:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011.11.02 18:13:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011.11.02 18:13:33 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011.11.02 18:13:33 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011.11.02 18:13:33 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011.11.02 18:13:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011.11.02 18:13:32 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011.11.02 18:13:32 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011.11.02 18:13:32 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011.11.02 18:13:32 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011.11.02 18:13:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011.11.02 18:13:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011.11.02 18:13:31 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011.11.02 18:13:31 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011.11.02 18:13:30 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011.11.02 18:13:30 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011.11.02 18:13:30 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011.11.02 18:13:30 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011.11.02 18:13:29 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011.11.02 18:13:29 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011.11.02 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{3C692930-0A4C-419C-BA7C-05D395FB2D0B}
[2011.11.02 15:06:31 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{A4F4460C-C252-4897-9B02-C04EB3A24D07}
[2011.11.01 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{F60E06F8-15A1-40D0-A32D-850913143E38}
[2011.11.01 15:12:24 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{FF13DA99-4D3E-47B6-A036-3B59A136F318}
[2011.10.31 15:10:14 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{751F5C10-1153-4865-AFA7-201843D46E79}
[2011.10.31 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{E42D435C-11B2-4AAD-BF65-A3B6A57A58FD}
[2011.10.30 12:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011.10.30 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Documents\Vindictus
[2011.10.30 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011.10.30 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2011.10.30 12:04:47 | 000,000,000 | ---D | C] -- C:\Nexon
[2011.10.30 12:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2011.10.30 11:13:28 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Origin
[2011.10.30 11:13:22 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\Origin
[2011.10.30 11:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011.10.30 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011.10.30 11:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011.10.30 11:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011.10.30 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{78952532-B03D-44BB-9FA4-043DFEC05FBC}
[2011.10.30 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{D035265E-0175-4EFE-9D11-A7BE8C4FFA6B}
[2011.10.30 10:37:37 | 3242,158,167 | ---- | C] (Nexon) -- C:\Users\Tobia\Desktop\VindictusSetupV140.exe
[2011.10.30 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\PMB Files
[2011.10.30 10:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.10.30 10:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.10.28 14:35:47 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{63BBCDAE-CF9C-4F26-9CDB-3C6478695886}
[2011.10.28 14:35:37 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{42C0A10D-BFFD-42D9-A49E-A14F81B3BEFC}
[2011.10.27 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Tropico 3
[2011.10.27 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2011.10.27 16:18:18 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Documents\Electronic Arts
[2011.10.27 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.10.27 15:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011.10.27 15:32:16 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{BDE89A42-6522-4948-93AB-A856DEE5CDB6}
[2011.10.27 15:31:54 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{51B0D853-042F-471B-84CE-B6B590A2EB6E}
[2011.10.26 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\NCSoft
[2011.10.26 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011.10.26 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\assembly
[2011.10.26 12:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2011.10.26 12:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2011.10.26 12:23:57 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\GetRightToGo
[2011.10.25 13:44:32 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{D6F7A1C3-615D-4083-B281-CB0650AC4CA0}
[2011.10.25 13:44:21 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{DFA35FE1-C0C8-4760-AEC0-BED2DD1EADFD}
[2011.10.24 20:20:31 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{C7548BCE-8F85-48D6-8293-B58E45F5A956}
[2011.10.24 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{089393E8-ED57-4058-9BD6-B92B6CD92662}
[2011.10.22 19:45:49 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{4C72E170-087D-48A3-903D-E0D17E970933}
[2011.10.22 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{FFD6196C-895F-42A0-9C1B-97E62AD6FCD6}
[2011.10.20 12:15:04 | 000,000,000 | ---D | C] -- C:\Users\Tobia\SyncUP
[2011.10.20 08:10:30 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{3496E868-A4E3-40C1-8A15-E2A732D7419E}
[2011.10.20 08:10:09 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{9A9ECE23-0F1C-433D-A777-37AA099CAE85}
[2011.10.18 11:04:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011.10.18 09:45:04 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{2FA9E1DF-10C6-4777-8BAC-D483B6255540}
[2011.10.18 09:44:40 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{F789AE94-3C21-4E86-8DF2-FAEA93361496}
[2011.10.17 19:13:05 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{9E4BA064-CC76-4D51-9013-F14C0ACF77A6}
[2011.10.17 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{971E9732-7D85-4B08-834C-58D30503AB5F}
[2011.10.16 17:12:51 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{8380F09D-3D10-453A-A804-B0E344F48F52}
[2011.10.16 17:12:40 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{4FB4C20E-0BBD-47B9-A23F-11AAB90962FE}
[2011.10.16 08:51:32 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{79F6F1CA-5018-4F63-89E9-C885CFAA230C}
[2011.10.16 08:51:12 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{9D08A49D-F400-48F4-A4F8-E9714194166E}
[2011.10.15 11:16:43 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\RIFT
[2011.10.15 11:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.10.15 11:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Game
[2011.10.14 15:14:24 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{B2872D61-50AD-4B78-9B5A-AF8DD9A7C65F}
[2011.10.14 15:14:13 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{9AA06A5F-1F7C-4062-901C-F71AE977DA6D}
[2011.10.13 14:31:23 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{3407F787-8599-4164-BD4B-96DEA7839B02}
[2011.10.13 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{63BF9B01-6050-4866-BF12-36E1941C7076}
[2011.10.13 06:06:34 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{6A173407-BD29-4F72-98F5-A074E57AF509}
[2011.10.13 06:06:23 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{3DA7D71B-B67F-486B-8AA0-FB3C499D33A5}
[2011.10.13 02:01:31 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 02:01:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 02:01:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 02:01:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 02:01:29 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.10.13 02:01:29 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.10.13 02:01:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.10.13 02:01:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 02:01:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 19:37:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 19:37:09 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 19:37:09 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 19:37:09 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 19:36:50 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 19:36:49 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{2A19EDFD-9000-49AC-BAF3-6EA24621BF6B}
[2011.10.12 12:32:00 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{D1EC1B9F-ECE8-45CA-91EA-CB3E2AA3B387}
[2011.10.11 12:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Mein Backup Datei
[2011.10.11 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{489B44B5-33FF-463A-8396-C67F490834AF}
[2011.10.11 12:43:20 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{25902334-4BD9-472E-8D58-A6E20730BF9D}
[2011.10.11 00:43:50 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{E5FBBADE-B898-490C-9573-05FC25413830}
[2011.10.11 00:43:29 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{B9AC70AB-105A-48C5-80EB-ED732A370E2E}
[2011.10.10 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Documents\Orcs Must Die
[2011.10.10 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{B7D131B8-57F1-4AF3-92F1-870A43E2BC89}
[2011.10.09 22:13:56 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{0F7C11D7-FF42-4A3E-ACD0-FD27F7AF35E2}
[2011.10.09 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{11B5A492-79A2-43B4-9F38-B19F6280C106}
[2011.10.09 10:13:55 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{EE3F22AE-AB4A-4E04-84DF-92B818D6DE3C}
[2011.10.08 22:13:38 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{2F5008DF-DEAD-4EE0-B57D-FDA79E475A2A}
[2011.10.08 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{7F3DB476-4BDE-42DE-9D78-DF5F7C39EC95}
[2011.10.07 06:23:46 | 000,283,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2011.10.07 03:06:19 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\{2A13E745-3C6A-4CC6-8743-4967FD2B283D}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.11.05 18:15:09 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 18:15:09 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 18:07:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.05 18:07:12 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.11.05 18:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.05 18:07:05 | 523,071,487 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.05 18:01:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tobia\Desktop\OTL.exe
[2011.11.05 17:48:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.05 12:30:14 | 108,808,689 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011.11.05 12:29:10 | 000,030,310 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011.11.05 12:06:21 | 000,000,183 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus EU.url
[2011.11.05 11:26:15 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2011.11.05 11:26:12 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2011.11.05 10:30:07 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.05 09:30:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.05 08:54:57 | 000,684,297 | ---- | M] () -- C:\Users\Tobia\Desktop\unhide.exe
[2011.11.05 08:31:21 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2011.11.05 08:31:17 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.11.05 08:30:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011.11.05 08:30:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011.11.05 07:53:59 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011.11.05 07:40:54 | 000,002,216 | ---- | M] () -- C:\Users\Tobia\Desktop\SpyHunter.lnk
[2011.11.05 07:39:53 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011.11.05 07:39:53 | 000,000,208 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011.11.05 07:26:33 | 000,000,659 | ---- | M] () -- C:\Users\Tobia\Desktop\System Restore.lnk
[2011.11.03 15:38:38 | 000,002,498 | ---- | M] () -- C:\Users\Tobia\Desktop\DC Universe Online Live.lnk
[2011.11.03 12:03:27 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.02 20:06:37 | 000,011,307 | ---- | M] () -- C:\Users\Tobia\Desktop\vollmacht.odt
[2011.11.02 20:06:12 | 000,499,943 | ---- | M] () -- C:\Users\Tobia\Desktop\anmeldungummeldung - Tobia.pdf
[2011.11.02 20:00:36 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2011.11.02 16:23:04 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.02 16:23:04 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.02 16:23:04 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.02 16:23:04 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.02 16:23:04 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.31 15:49:52 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.30 12:09:25 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2011.10.30 12:03:08 | 3242,158,167 | ---- | M] (Nexon) -- C:\Users\Tobia\Desktop\VindictusSetupV140.exe
[2011.10.30 11:13:02 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.10.30 11:09:12 | 513,290,740 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.29 21:33:20 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.10.29 21:33:20 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.27 16:12:18 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011.10.27 12:20:30 | 001,485,280 | ---- | M] () -- C:\Users\Tobia\Documents\zjhj.wpe
[2011.10.26 12:28:08 | 000,002,150 | ---- | M] () -- C:\Users\Tobia\Desktop\City of Heroes.lnk
[2011.10.26 12:25:40 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2011.10.25 20:05:20 | 000,941,485 | ---- | M] () -- C:\Users\Tobia\Bild 3.png
[2011.10.25 20:05:16 | 000,853,156 | ---- | M] () -- C:\Users\Tobia\Bild 1.png
[2011.10.25 20:05:09 | 000,727,018 | ---- | M] () -- C:\Users\Tobia\Bild 2.png
[2011.10.25 20:05:08 | 000,594,188 | ---- | M] () -- C:\Users\Tobia\Bild 4.png
[2011.10.25 10:24:50 | 001,801,232 | ---- | M] () -- C:\Users\Tobia\Documents\best 
ever.wpe [2011.10.16 08:50:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.10.15 11:18:15 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT.lnk [2011.10.14 16:36:11 | 000,023,350 | ---- | M] () -- C:\Users\Tobia\Desktop\Briefing.odt [2011.10.13 20:01:39 | 000,022,984 | ---- | M] () -- C:\Users\Tobia\Desktop\Briefing Figge.odt [2011.10.13 02:23:06 | 000,348,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.11 23:16:18 | 001,581,375 | ---- | M] () -- C:\Users\Tobia\Documents\hotness.wpe [2011.10.10 17:53:07 | 000,000,222 | ---- | M] () -- C:\Users\Tobia\Desktop\Orcs Must Die! Demo.url [2011.10.09 21:47:07 | 000,023,202 | ---- | M] () -- C:\Users\Tobia\Desktop\Briefing Dehnbostel.odt [2011.10.07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2011.10.06 19:15:37 | 000,000,219 | ---- | M] () -- C:\Users\Tobia\Desktop\Portal 2.url [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.05 12:30:14 | 108,808,689 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2011.11.05 12:29:10 | 000,030,310 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2011.11.05 12:06:21 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus EU.url [2011.11.05 11:26:15 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2011.11.05 10:30:07 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.11.05 09:30:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.05 08:54:54 | 000,684,297 | ---- | C] () -- C:\Users\Tobia\Desktop\unhide.exe [2011.11.05 08:31:21 | 000,000,218 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job [2011.11.05 08:31:17 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.11.05 08:30:50 | 000,000,000 | ---- | C] () 
-- C:\Windows\SysWow64\drivers\AVG\incavi.avm [2011.11.05 08:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm [2011.11.05 07:53:59 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2011.11.05 07:40:54 | 000,002,216 | ---- | C] () -- C:\Users\Tobia\Desktop\SpyHunter.lnk [2011.11.05 07:27:12 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.11.05 07:27:12 | 000,000,208 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.11.05 07:26:33 | 000,000,659 | ---- | C] () -- C:\Users\Tobia\Desktop\System Restore.lnk [2011.11.03 12:34:37 | 000,002,498 | ---- | C] () -- C:\Users\Tobia\Desktop\DC Universe Online Live.lnk [2011.11.03 12:34:37 | 000,002,430 | ---- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk [2011.11.02 20:06:35 | 000,011,307 | ---- | C] () -- C:\Users\Tobia\Desktop\vollmacht.odt [2011.11.02 20:06:12 | 000,499,943 | ---- | C] () -- C:\Users\Tobia\Desktop\anmeldungummeldung - Tobia.pdf [2011.11.02 20:00:36 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2011.10.30 12:09:25 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url [2011.10.30 11:13:02 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2011.10.27 16:12:18 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk [2011.10.27 12:20:30 | 001,485,280 | ---- | C] () -- C:\Users\Tobia\Documents\zjhj.wpe [2011.10.26 12:28:08 | 000,002,150 | ---- | C] () -- C:\Users\Tobia\Desktop\City of Heroes.lnk [2011.10.26 12:25:40 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk [2011.10.25 20:03:42 | 000,941,485 | ---- | C] () -- C:\Users\Tobia\Bild 3.png [2011.10.25 20:03:42 | 000,853,156 | ---- | C] () -- C:\Users\Tobia\Bild 1.png [2011.10.25 20:03:42 | 000,727,018 | ---- | C] () -- C:\Users\Tobia\Bild 2.png [2011.10.25 20:03:42 | 000,594,188 | ---- | C] () -- C:\Users\Tobia\Bild 4.png [2011.10.25 
10:24:50 | 001,801,232 | ---- | C] () -- C:\Users\Tobia\Documents\best ever.wpe [2011.10.18 11:04:31 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.10.18 11:04:26 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.10.15 11:18:15 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk [2011.10.14 16:03:30 | 000,023,335 | ---- | C] () -- C:\Users\Tobia\Desktop\Briefing Blank.odt [2011.10.13 20:01:38 | 000,022,984 | ---- | C] () -- C:\Users\Tobia\Desktop\Briefing Figge.odt [2011.10.11 23:16:17 | 001,581,375 | ---- | C] () -- C:\Users\Tobia\Documents\hotness.wpe [2011.10.10 17:53:07 | 000,000,222 | ---- | C] () -- C:\Users\Tobia\Desktop\Orcs Must Die! Demo.url [2011.10.09 19:52:00 | 000,023,202 | ---- | C] () -- C:\Users\Tobia\Desktop\Briefing Dehnbostel.odt [2011.10.06 19:15:37 | 000,000,219 | ---- | C] () -- C:\Users\Tobia\Desktop\Portal 2.url [2011.09.02 21:38:56 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.02 21:38:46 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.08.29 19:35:58 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.29 12:14:23 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.08.29 12:14:23 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.08.29 12:14:23 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.08.29 12:14:17 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.08.29 12:14:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.08.29 10:54:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.11 11:22:50 | 001,590,298 | ---- | C] () 
-- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
< End of report >
EXTRAS.txt
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.11.2011 18:15:20 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tobia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 56,50% Memory free 11,96 Gb Paging File | 8,36 Gb Available in Paging File | 69,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1383,98 Gb Total Space | 1119,30 Gb Free Space | 80,88% Space Free | Partition Type: NTFS Drive D: | 6,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GRANJA | User Name: Tobia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications 
List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012 "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager "{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs "{89A07279-1DB3-485A-B1DF-584DF86774B9}" = SpyHunter "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2012 "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client 
Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Pen Tablet Driver" = Bamboo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish "{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian "{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard "{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC 
Help Danish "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}" = Dell Stage "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729 "{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 
5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese "{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish "{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live 
Movie Maker "{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian "{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static "{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Foxit Reader_is1" = Foxit Reader 5.1 "Giraffic" = Veoh Giraffic Video Accelerator "Google Chrome" = Google Chrome "InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "LogMeIn 
Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "MSC" = McAfee SecurityCenter "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 102610" = Orcs Must Die! Demo "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II "Steam App 200030" = Hard Reset - Demo "Steam App 200570" = Blocks That Matter Demo "Steam App 38750" = EDGE Demo "Steam App 39000" = Moonbase Alpha "Steam App 4000" = Garry's Mod "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42910" = Magicka "Steam App 440" = Team Fortress 2 "Steam App 47860" = RISK Factions Demo "Steam App 50130" = Mafia II "Steam App 550" = Left 4 Dead 2 "Steam App 55370" = Saints Row: The Third - Initiation Station "Steam App 55410" = Warhammer 40,000: Space Marine Demo "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 57750" = Tropico 4 - Demo "Steam App 620" = Portal 2 "Steam App 63200" = Monday Night Combat "Steam App 65900" = Sid Meier's Civilization V - Demo "Steam App 98610" = Demolition, Inc. 
Demo "Steam App 99870" = Bulletstorm Demo "Tropico3" = Tropico 3 1.00 "Veoh Web Player Beta" = Veoh Web Player "Vindictus" = Vindictus "Vindictus EU" = Vindictus EU "VLC media player" = VLC media player 1.1.11 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "ZinioReader4" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "NCsoft-CityOfHeroes" = City of Heroes (US) "SOE-DC Universe Online Live" = DC Universe Online Live "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.10.2011 12:38:46 | Computer Name = Granja | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 22.10.2011 12:40:23 | Computer Name = Granja | Source = WinMgmt | ID = 10 Description = Error - 22.10.2011 13:11:10 | Computer Name = Granja | Source = VMCService | ID = 0 Description = GetLoggedOnUser Error - 22.10.2011 14:44:12 | Computer Name = Granja | Source = VMCService | ID = 0 Description = GetLoggedOnUser Error - 22.10.2011 14:44:14 | Computer Name = Granja | Source = VMCService | ID = 0 Description = GetLoggedOnUser Error - 24.10.2011 15:18:27 | Computer Name = Granja | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 24.10.2011 15:19:59 | Computer Name = Granja | Source = WinMgmt | ID = 10 Description = Error - 24.10.2011 18:08:12 | Computer Name = Granja | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. 
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 25.10.2011 08:42:57 | Computer Name = Granja | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 25.10.2011 08:44:28 | Computer Name = Granja | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 05:10:11 | Computer Name = Granja | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.11.2011 
13:07:11 | Computer Name = Granja | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?05.?11.?2011 um 18:05:43 unerwartet heruntergefahren. Error - 05.11.2011 13:07:51 | Computer Name = Granja | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 05.11.2011 13:08:42 | Computer Name = Granja | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
05.11.2011, 19:38 | #4 |
/// Malware-holic | System Restore, Spyhunter 4 Open the Malwarebytes log files and post all logs.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.11.2011, 19:43 | #5 |
| System Restore, Spyhunter 4 Mbam-Log
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8089
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

05.11.2011 10:08:00
mbam-log-2011-11-05 (10-08-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 417329
Laufzeit: 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AgVQVkFpNfmITWf.exe (Rogue.FakeAlert) -> Value: AgVQVkFpNfmITWf.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\agvqvkfpnfmitwf.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\1kalmig2kb7fzp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Tobia\AppData\Local\Temp\0.059516283160690464.exe (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Users\Tobia\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Tobia\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53\f9b2235-4fbf5917 (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Users\Tobia\AppData\Local\Temp\wuauclt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Protection-Log
10:12:57 Tobia MESSAGE Protection started successfully
10:13:00 Tobia MESSAGE IP Protection started successfully
10:18:40 Tobia IP-BLOCK 174.120.244.218 (Type: outgoing, Port: 49700, Process: firefox.exe)
10:27:16 Tobia IP-BLOCK 62.45.153.38 (Type: outgoing, Port: 52957, Process: skype.exe)
10:27:16 Tobia IP-BLOCK 62.45.153.38 (Type: outgoing, Port: 52957, Process: skype.exe)
10:33:55 Tobia IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50291, Process: msnmsgr.exe)
10:33:55 Tobia IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50292, Process: msnmsgr.exe)
10:42:11 Tobia IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50509, Process: wlsetup.exe)
10:49:16 Tobia IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50804, Process: msnmsgr.exe)
10:49:16 Tobia IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50805, Process: msnmsgr.exe)
11:01:44 Tobia IP-BLOCK 174.120.244.218 (Type: outgoing, Port: 51159, Process: firefox.exe)
12:05:47 Tobia IP-BLOCK 174.120.244.218 (Type: outgoing, Port: 53258, Process: firefox.exe)
12:05:47 Tobia IP-BLOCK 69.6.27.100 (Type: outgoing, Port: 53265, Process: firefox.exe)
18:09:49 Tobia MESSAGE Protection started successfully
18:09:52 Tobia MESSAGE IP Protection started successfully |
05.11.2011, 19:44 | #6 |
/// Malware-holic | System Restore, Spyhunter 4 Do you use the system for online banking, shopping, or anything else important, e.g. work-related matters? |
05.11.2011, 19:46 | #7 |
| System Restore, Spyhunter 4 Not really, just school stuff and a few drawing commissions, but nothing money-related, at least not at the moment. |
05.11.2011, 19:49 | #8 |
/// Malware-holic | System Restore, Spyhunter 4 Well, what does "not at the moment" mean? You have several trojans on the PC, including SpyEye, which goes after sensitive data. A cleanup cannot be guaranteed; reinstalling would be the safest route, especially if you plan to shop on this PC in the future. Whether you reinstall is of course your decision; you just need to tell me how we proceed. If you reinstall, I'll show you how to secure the system properly! You'll get instructions for everything. |
05.11.2011, 19:53 | #9 |
| System Restore, Spyhunter 4 I'm not really a fan of online banking/shopping, so I would keep my hands off it anyway. When reinstalling, there would probably be no way to back up a few documents while being sure that they aren't already corrupted, I guess? |
05.11.2011, 20:00 | #10 |
/// Malware-holic | System Restore, Spyhunter 4 Yes, you can back up documents and pictures. But turn off autorun first: Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de. Well, online banking is actually safe; in 99% of cases the problem is rather the PCs of the people doing online banking, since these are often not configured properly, missing updates, etc. |
05.11.2011, 20:03 | #11 |
| System Restore, Spyhunter 4 Ah! Okay, thanks for explaining. Then yes, I think reinstalling is definitely the best solution to save my computer. |
05.11.2011, 20:05 | #12 |
/// Malware-holic | System Restore, Spyhunter 4 Yep. Can you do the formatting yourself, or do you need instructions for it? If not, I'll send only the ones for securing the PC. |
05.11.2011, 20:07 | #13 |
| System Restore, Spyhunter 4 Ah, as I said, I know absolutely nothing about computers, so it would be helpful if someone took me by the hand before I mess things up even more. |
05.11.2011, 20:13 | #14 |
/// Malware-holic | System Restore, Spyhunter 4 OK, do you have a Windows CD, a recovery CD or a recovery partition? If the latter, post the manufacturer and device model. |
05.11.2011, 20:23 | #15 |
| System Restore, Spyhunter 4 I ordered a recovery CD along with the computer, so I have on hand: one CD: Operating System Windows 7 Home Premium SP1 64-BIT, as well as one CD: Drivers and Utilities (to be on the safe side, the device model as well: Dell XPS 8300) |