Pests of all kinds and how to fight them: BKA/Ukash trojan/virus and its consequences (Windows 7)
25.12.2011, 03:55 | #1 |
BKA/Ukash trojan/virus and its consequences

Hello, about two hours ago I caught the annoying BKA trojan. By using Safe Mode and deleting a cryptic *.exe in my user folder, I was able to start my system normally again. Even though everything seems normal again now, that does not necessarily mean that everything really is back to its normal state. So I would like to hear your advice on which further steps I need to take to get rid of the nuisance to 99.9% and to keep it and its friends from getting onto my system again. OTL.txt was too large, so I packed it into the archive. Many thanks for your help
25.12.2011, 03:59 | #2 |
/// Helper team | BKA/Ukash trojan/virus and its consequences

Hello and a warm welcome!

Before we start working together, [please read completely]: Quote:

Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

I have two suggestions:

1. If you think you know a point in time at which your system was still working flawlessly, System Restore is worth a try! It is a "relatively simple way" when the infection is fresh, and certain problems can sometimes be solved with it as well, so it is something to try right away. It lets you undo system changes to the computer without affecting personal files such as e-mails, documents or photos. Quote:

(You can still undo it back to today's state if it does not deliver the desired result.)
► Also let me know whether System Restore worked, i.e. whether you were able to reset the system to an earlier restore point.

2. Download Malwarebytes Anti-Malware from → malwarebytes.org

3. System scan with OTL: Download OTL by OldTimer (if you do not have it yet) and save it to your Desktop.

4. I would also like to see all your installed programs: Download the tool CCleaner → Download, install it (read the software license agreement; if it is offered, deselect "Add CCleaner Yahoo! Toolbar") → start it → Language → select German, then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..."; a text file (*.txt) is created. Copy its contents and paste them here. Quote:

** If possible, do not go on the internet: no online banking, file sharing, chat programs etc.

Regards, kira
25.12.2011, 17:48 | #3 |
BKA/Ukash trojan/virus and its consequences

OTL.txt
OTL Logfile: OTL EXTRAS Logfile: Code:
OTL logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andreas\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.23 03:42:24 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.12.23 03:42:14 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.09 16:29:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.30 15:11:27 | 000,490,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.11 13:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.03 10:17:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Spiele\Steam\Steam.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.13 16:57:48 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.12.08 22:21:03 | 014,410,024 | ---- | M] () -- D:\Spiele\Steam\bin\libcef.dll
MOD - [2011.12.08 22:21:01 | 000,194,344 | ---- | M] () -- D:\Spiele\Steam\bin\chromehtml.dll
MOD - [2011.12.08 22:20:59 | 000,091,432 | ---- | M] () -- D:\Spiele\Steam\bin\avutil-50.dll
MOD - [2011.12.08 22:20:57 | 000,155,432 | ---- | M] () -- D:\Spiele\Steam\bin\avformat-52.dll
MOD - [2011.12.08 22:20:55 | 000,914,216 | ---- | M] () -- D:\Spiele\Steam\bin\avcodec-52.dll
MOD - [2011.11.09 16:29:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2011.03.01 14:08:25 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.23 03:42:32 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 16:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.31 11:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.18 14:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.11.09 16:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 16:29:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.92.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [Update] C:\Users\Andreas\AppData\Roaming\0.9445476154460077.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.12.25 02:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2011.12.25 02:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.25 14:11:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:56:37 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.25 11:56:37 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.25 11:56:37 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.25 11:56:37 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.25 11:56:37 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.25 11:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.25 11:51:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 04:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:04 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.21 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:04 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2010.12.08 11:10:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.25 11:55:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.12.25 02:45:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.11.20 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
--- --- ---

Extra.txt
OTL EXTRAS Logfile:
OTL Extras logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andreas\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) "{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit) "{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit) "{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64 "{723C8298-C7B0-0407-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - German "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools "{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu "{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon "{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer "{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät 
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "Autodesk 3ds Max 2012 64-bit - German" = Autodesk 3ds Max 2012 64-bit - German "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit "GPL Ghostscript 9.02" = GPL Ghostscript "GSview 4.9" = GSview 4.9 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 
2005 Express Edition (SQLEXPRESS) "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729) "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01 "{105E14C1-C2C6-486F-81B0-3217DFDA1086}" = QAliber VS 2008 Plugin "{11477E2B-84F7-4ED6-AA41-BFEEE3925A02}" = NVIDIA Developer Tools Software Activation "{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{14469957-C777-49D6-B937-69F31F756A66}" = ScanSnap "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7 "{20D197D0-8E7B-42A5-B58E-8E510350F352}" = QAliber Test Builder "{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729) "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01 "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime 
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3A880920-8CCB-4847-A1BD-A97644FD18B3}_is1" = QAliber Test Suite 1.0 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0 "{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161) "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161 "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{45410935-B52C-468A-A836-0D1000038201}" = BulletStorm "{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4 "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech 
Harmony Remote Software "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19b, 2010.01.31 "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6B6383FE-C0CE-479A-BDDF-BD34579B676A}" = NVIDIA FX Composer 2.5 "{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148 "{7C3228AC-BDE5-448E-8C01-E39BB0782DE8}" = Motorola Software Update "{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{84F3557A-A7F2-47D7-9242-5DC623261213}" = ScanSnap Organizer "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 
2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft 
Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) 
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{990DB057-BB98-4FD8-8442-ACFCB0DB5CAF}" = GLEE "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy "{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943 "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k 
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B4552068-73FD-406A-816B-2196F4DFCF75}" = NVIDIA FX Composer 2.5 Shader Debugger plugin "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C08DB64D-E569-41A8-8405-5B6F53FCA7C2}" = Microsoft Visual Studio 2008 SDK 1.1 "{C10AD9B6-5039-473C-9C0A-E2A7D50C159C}" = OMEGA Process Modeller "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{E64B588A-56D5-4061-A9E1-1C388C34B763}" = QAliber Agent "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - 
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > [/Code] |
25.12.2011, 17:51 | #4 |
| BKA/Ukash Trojan/Virus and Its Consequences protection log Code:
ATTFilter
12:01:18 Andreas MESSAGE Protection started successfully
12:01:22 Andreas MESSAGE IP Protection started successfully
12:02:17 Andreas ERROR Scheduled update failed: I/O error failed with error code 2
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122501
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.12.2011 13:41:07
mbam-log-2011-12-25 (13-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Durchsuchte Objekte: 790439
Laufzeit: 1 Stunde(n), 39 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
|
26.12.2011, 14:19 | #5 | |
/// Helper Team | BKA/Ukash Trojan/Virus and Its Consequences
1. Uninstall: Quote:
2. Your Java version is out of date! → Now download the offline version of Java Version 6 Update 30 from Oracle. Make sure to deselect any toolbars that may be offered (remove the tick next to the toolbar)!
3. Clean your system with CCleaner:
4.
5. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, checking the data stored on the storage medium with the free online scanner is very well suited and recommended. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off in general. ►Guide
6. -> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner. Attention!: >>You are not supposed to install the antivirus security software, but only scan your system online<<
7. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, preferably twice in different locations! Please pass this warning on wherever you can! |
27.12.2011, 20:47 | #6 |
| BKA/Ukash Trojan/Virus and Its Consequences SuperAntiSpyware log Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2011 at 06:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type : Complete Scan
Total Scan Time : 01:06:07

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 785
Memory threats detected : 0
Registry items scanned : 75506
Registry threats detected : 0
File items scanned : 153151
File threats detected : 68

Adware.Tracking Cookie

Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 12/27/2011 at 06:38 PM Application Version : 5.0.1142 Core Rules Database Version : 8088 Trace Rules Database Version: 5900 Scan type : Complete Scan Total Scan Time : 01:06:07 Operating System Information Windows 7 Professional 64-bit (Build 6.01.7600) UAC On - Limited User Memory items scanned : 785 Memory threats detected : 0 Registry items scanned : 75506 Registry threats detected : 0 File items scanned : 153151 File threats detected : 68 Adware.Tracking Cookie C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.ad-srv[2].txt [ /ad.ad-srv ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.yieldmanager[1].txt [ /ad.yieldmanager ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.zanox[1].txt [ /ad.zanox ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adfarm1.adition[2].txt [ /adfarm1.adition ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adviva[1].txt [ /adviva ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@content.yieldmanager[2].txt [ /content.yieldmanager ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download1006.mediafire[2].txt [ /download1006.mediafire ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download859.mediafire[2].txt [ /download859.mediafire ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@files.youporn[1].txt [ /files.youporn ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@media1.gamefront[2].txt [ /media1.gamefront ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@smartadserver[2].txt [ /smartadserver ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@specificclick[2].txt [ /specificclick ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.mlsat02[1].txt [ /tracking.mlsat02 ] 
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.quisma[1].txt [ /tracking.quisma ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@traffictrack[1].txt [ /traffictrack ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@unitymedia[2].txt [ /unitymedia ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@webmasterplan[2].txt [ /webmasterplan ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@yadro[1].txt [ /yadro ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox-affiliate[1].txt [ /zanox-affiliate ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox[2].txt [ /zanox ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\JZCLVR8W.txt [ /doubleclick.net ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\5X6UWT01.txt [ /media6degrees.com ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\BEDA73WT.txt [ /googleads.g.doubleclick.net ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKGR6XA8.txt [ Cookie:andreas@smartadserver.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9AVO4NW.txt [ Cookie:andreas@ad4.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGH22ECJ.txt [ Cookie:andreas@ad3.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.adition[2].txt [ Cookie:andreas@ad.adition.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\7P1ZGZZN.txt [ Cookie:andreas@doubleclick.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@imrworldwide[2].txt [ Cookie:andreas@imrworldwide.com/cgi-bin ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU3HS8JU.txt [ Cookie:andreas@ad.zanox.com/ ] 
C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@counters.gigya[1].txt [ Cookie:andreas@counters.gigya.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@zanox-affiliate[2].txt [ Cookie:andreas@zanox-affiliate.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\46680IPU.txt [ Cookie:andreas@ad2.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@invitemedia[2].txt [ Cookie:andreas@invitemedia.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@tradedoubler[2].txt [ Cookie:andreas@tradedoubler.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@banners.thgimages.co[2].txt [ Cookie:andreas@banners.thgimages.co.uk/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adserver[1].txt [ Cookie:andreas@adserver.gs/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8TZSZ3C.txt [ Cookie:andreas@zanox.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.active-tracking[1].txt [ Cookie:andreas@www.active-tracking.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.yieldmanager[2].txt [ Cookie:andreas@ad.yieldmanager.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@eas.apm.emediate[2].txt [ Cookie:andreas@eas.apm.emediate.eu/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\HX2IUTDX.txt [ Cookie:andreas@tracking.quisma.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.googleadservices[2].txt [ Cookie:andreas@www.googleadservices.com/pagead/conversion/1058160226/ ] 
C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adtech[2].txt [ Cookie:andreas@adtech.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@content.yieldmanager[1].txt [ Cookie:andreas@content.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\JZCLVR8W.txt [ Cookie:andreas@doubleclick.net/ ] C:\USERS\ANDREAS\Cookies\andreas@ad.zanox[1].txt [ Cookie:andreas@ad.zanox.com/ ] C:\USERS\ANDREAS\Cookies\andreas@zanox-affiliate[1].txt [ Cookie:andreas@zanox-affiliate.de/ ] C:\USERS\ANDREAS\Cookies\andreas@content.yieldmanager[2].txt [ Cookie:andreas@content.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ] C:\USERS\ANDREAS\Cookies\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ] C:\USERS\ANDREAS\Cookies\andreas@ad.yieldmanager[1].txt [ Cookie:andreas@ad.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\andreas@zanox[2].txt [ Cookie:andreas@zanox.com/ ] C:\USERS\ANDREAS\Cookies\andreas@tracking.quisma[1].txt [ Cookie:andreas@tracking.quisma.com/ ] C:\USERS\ANDREAS\Cookies\andreas@download859.mediafire[2].txt [ Cookie:andreas@download859.mediafire.com/4lrt40ptni6g/udggwj1ntkm/ ] C:\USERS\ANDREAS\Cookies\andreas@smartadserver[2].txt [ Cookie:andreas@smartadserver.com/ ] C:\USERS\ANDREAS\Cookies\5X6UWT01.txt [ Cookie:andreas@media6degrees.com/ ] C:\USERS\ANDREAS\Cookies\andreas@tracking.mlsat02[1].txt [ Cookie:andreas@tracking.mlsat02.de/tmobile/ ] C:\USERS\ANDREAS\Cookies\BEDA73WT.txt [ Cookie:andreas@googleads.g.doubleclick.net/ ] de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] www.blogcounter.de [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ 
C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 12/27/2011 at 06:38 PM Application Version : 5.0.1142 Core Rules Database Version : 8088 Trace Rules Database Version: 5900 Scan type : Complete Scan Total Scan Time : 01:06:07 Operating System Information Windows 7 Professional 64-bit (Build 6.01.7600) UAC On - Limited User Memory items scanned : 785 Memory threats detected : 0 Registry items scanned : 75506 Registry threats detected : 0 File items scanned : 153151 File threats detected : 68 Adware.Tracking Cookie C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.ad-srv[2].txt [ /ad.ad-srv ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.yieldmanager[1].txt [ /ad.yieldmanager ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.zanox[1].txt [ /ad.zanox ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adfarm1.adition[2].txt [ /adfarm1.adition ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adviva[1].txt [ /adviva ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@content.yieldmanager[2].txt [ /content.yieldmanager ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download1006.mediafire[2].txt [ /download1006.mediafire ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download859.mediafire[2].txt [ /download859.mediafire ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@files.youporn[1].txt [ /files.youporn ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@media1.gamefront[2].txt [ /media1.gamefront ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@smartadserver[2].txt [ /smartadserver ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@specificclick[2].txt [ /specificclick ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.mlsat02[1].txt [ /tracking.mlsat02 ] 
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.quisma[1].txt [ /tracking.quisma ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@traffictrack[1].txt [ /traffictrack ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@unitymedia[2].txt [ /unitymedia ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@webmasterplan[2].txt [ /webmasterplan ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@yadro[1].txt [ /yadro ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox-affiliate[1].txt [ /zanox-affiliate ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox[2].txt [ /zanox ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\JZCLVR8W.txt [ /doubleclick.net ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\5X6UWT01.txt [ /media6degrees.com ] C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\BEDA73WT.txt [ /googleads.g.doubleclick.net ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKGR6XA8.txt [ Cookie:andreas@smartadserver.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9AVO4NW.txt [ Cookie:andreas@ad4.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGH22ECJ.txt [ Cookie:andreas@ad3.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.adition[2].txt [ Cookie:andreas@ad.adition.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\7P1ZGZZN.txt [ Cookie:andreas@doubleclick.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@imrworldwide[2].txt [ Cookie:andreas@imrworldwide.com/cgi-bin ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU3HS8JU.txt [ Cookie:andreas@ad.zanox.com/ ] 
C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@counters.gigya[1].txt [ Cookie:andreas@counters.gigya.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@zanox-affiliate[2].txt [ Cookie:andreas@zanox-affiliate.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\46680IPU.txt [ Cookie:andreas@ad2.adfarm1.adition.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@invitemedia[2].txt [ Cookie:andreas@invitemedia.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@tradedoubler[2].txt [ Cookie:andreas@tradedoubler.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@banners.thgimages.co[2].txt [ Cookie:andreas@banners.thgimages.co.uk/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adserver[1].txt [ Cookie:andreas@adserver.gs/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8TZSZ3C.txt [ Cookie:andreas@zanox.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.active-tracking[1].txt [ Cookie:andreas@www.active-tracking.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.yieldmanager[2].txt [ Cookie:andreas@ad.yieldmanager.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@eas.apm.emediate[2].txt [ Cookie:andreas@eas.apm.emediate.eu/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\HX2IUTDX.txt [ Cookie:andreas@tracking.quisma.com/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.googleadservices[2].txt [ Cookie:andreas@www.googleadservices.com/pagead/conversion/1058160226/ ] 
C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adtech[2].txt [ Cookie:andreas@adtech.de/ ] C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@content.yieldmanager[1].txt [ Cookie:andreas@content.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\JZCLVR8W.txt [ Cookie:andreas@doubleclick.net/ ] C:\USERS\ANDREAS\Cookies\andreas@ad.zanox[1].txt [ Cookie:andreas@ad.zanox.com/ ] C:\USERS\ANDREAS\Cookies\andreas@zanox-affiliate[1].txt [ Cookie:andreas@zanox-affiliate.de/ ] C:\USERS\ANDREAS\Cookies\andreas@content.yieldmanager[2].txt [ Cookie:andreas@content.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ] C:\USERS\ANDREAS\Cookies\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ] C:\USERS\ANDREAS\Cookies\andreas@ad.yieldmanager[1].txt [ Cookie:andreas@ad.yieldmanager.com/ ] C:\USERS\ANDREAS\Cookies\andreas@zanox[2].txt [ Cookie:andreas@zanox.com/ ] C:\USERS\ANDREAS\Cookies\andreas@tracking.quisma[1].txt [ Cookie:andreas@tracking.quisma.com/ ] C:\USERS\ANDREAS\Cookies\andreas@download859.mediafire[2].txt [ Cookie:andreas@download859.mediafire.com/4lrt40ptni6g/udggwj1ntkm/ ] C:\USERS\ANDREAS\Cookies\andreas@smartadserver[2].txt [ Cookie:andreas@smartadserver.com/ ] C:\USERS\ANDREAS\Cookies\5X6UWT01.txt [ Cookie:andreas@media6degrees.com/ ] C:\USERS\ANDREAS\Cookies\andreas@tracking.mlsat02[1].txt [ Cookie:andreas@tracking.mlsat02.de/tmobile/ ] C:\USERS\ANDREAS\Cookies\BEDA73WT.txt [ Cookie:andreas@googleads.g.doubleclick.net/ ] de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] www.blogcounter.de [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ 
At the moment I have no problems to report |
29.12.2011, 00:08 | #7 |
/// Helper team | BKA/Ukash trojan/virus and its consequences Steps 5, 6 and 7 are still missing!
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
29.12.2011, 12:15 | #8 |
| BKA/Ukash trojan/virus and its consequences Actually already done. 5. General advice that one should scan more often, and autorun function disabled. 6. Online scan carried out. No findings. 7. See the code posted in the previous post. |
29.12.2011, 12:36 | #9 |
/// Helper team | BKA/Ukash trojan/virus and its consequences Regarding point 7: I have not received one since posting #5! A freshly created one, of course... |
29.12.2011, 13:37 | #10 |
| BKA/Ukash trojan/virus and its consequences Posting #6 contains the OTL logs that were created after steps 1-6 had been carried out |
31.12.2011, 07:54 | #11 |
/// Helper team | BKA/Ukash trojan/virus and its consequences Posting #6? I have 3x log results from SUPERAntiSpyware there! So please, once more.... run a scan with OTL again: |
01.01.2012, 19:07 | #12 |
| BKA/Ukash trojan/virus and its consequences OTL.txt OTL logfile: Code:
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01 [binary data] IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program 
Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions [2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- 
C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml [2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml [2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft 
Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\ CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\ CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\ CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\ CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found. 
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm () O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm () O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm () O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm () O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: FlashGet - 
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\tbr - No CLSID value found O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName 
- (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ] O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe [2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com [2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.12.27 17:30:41 | 
000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe [2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe [2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe [2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler [2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe [2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe [2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- 
C:\Users\Andreas\AppData\Local\Adobe [2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll [2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP [2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager [2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming [2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager [2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox [2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox [2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll [2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll [2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll [2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll [2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll 
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll [2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll [2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll [2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll [2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver [2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry [2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data [2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer [2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer [2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer [2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71 [2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc [2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job [2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job [2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg [2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg [2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg [2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg [2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg [2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg [2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg [2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg [2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe [2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg [2011.12.27 12:19:32 | 
013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe [2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe [2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe [2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- 
C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp [2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg [2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg [2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg [2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg [2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg [2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg [2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg [2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg [2011.12.27 17:30:42 | 
000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg [2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 
000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll [2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll [2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll [2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe [2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat [2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini [2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd [2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- 
C:\Windows\SysWow64\secushr.dat [2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg [2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft [2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4 [2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk 
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS [2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid [2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome [2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules [2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited [2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry [2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite [2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame [2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox [2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft [2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot [2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet [2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO [2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw [2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software [2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu [2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake [2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut [2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor [2011.08.21 
22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts [2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis [2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU [2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS [2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing [2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP [2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion [2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System [2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak [2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird [2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client [2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle [2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader [2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net [2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU [2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
01.01.2012, 19:08 | #13 |
| BKA/Ukash Trojan/Virus and Its Consequences Extra.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.12.2011 13:41:58 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andreas\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,84% Memory free 7,99 Gb Paging File | 5,44 Gb Available in Paging File | 68,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 3,55 Gb Free Space | 6,37% Space Free | Partition Type: NTFS Drive D: | 372,61 Gb Total Space | 26,78 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive E: | 7,51 Gb Total Space | 2,22 Gb Free Space | 29,52% Space Free | Partition Type: FAT32 Drive F: | 931,51 Gb Total Space | 744,63 Gb Free Space | 79,94% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 638,06 Gb Free Space | 68,50% Space Free | Partition Type: NTFS Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.29 21:05:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.11.10 10:43:32 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe PRC - [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP) -- C:\Program Files (x86)\jeak.de\QIP 2010\qip.exe PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) 
-- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe ========== Modules (No Company Name) ========== MOD - [2011.12.29 21:05:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll MOD - [2011.11.10 10:43:33 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2011.11.10 10:43:32 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2011.11.10 10:43:32 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2010.11.24 14:03:02 | 000,483,712 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\Social\Social.dll MOD - [2010.11.24 14:03:02 | 000,048,000 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\pics.dll MOD - [2010.11.24 14:03:00 | 002,367,872 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\MRA.dll MOD - [2010.11.24 14:02:58 | 002,654,080 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\InfICQ\InfICQ.dll MOD - [2010.11.24 14:02:56 | 000,087,424 
| ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Core\WebWindow.dll MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service) SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 |
013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe [2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe [2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe [2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- 
C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp [2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg [2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg [2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg [2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg [2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg [2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg [2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg [2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg [2011.12.27 17:30:42 | 
000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg [2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 
000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll [2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll [2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll [2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe [2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat [2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini [2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd [2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- 
C:\Windows\SysWow64\secushr.dat [2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg [2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft [2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4 [2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk 
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS [2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid [2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome [2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules [2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited [2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry [2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite [2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame [2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox [2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft [2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot [2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet [2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO [2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw [2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software [2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu [2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake [2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut [2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor [2011.08.21 
22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts [2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis [2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU [2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS [2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing [2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP [2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion [2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System [2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak [2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird [2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client [2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle [2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader [2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net [2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU [2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/Code] |
02.01.2012, 13:09 | #14 | |
/// Helper Team | BKA/Ukash Trojan/Virus and Its Consequences 1. Quote:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job

:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
02.01.2012, 13:58 | #15 |
| BKA/Ukash Trojan/Virus and Its Consequences OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.01.2012 13:53:05 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andreas\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,06% Memory free 7,99 Gb Paging File | 5,99 Gb Available in Paging File | 74,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 3,35 Gb Free Space | 6,01% Space Free | Partition Type: NTFS Drive D: | 372,61 Gb Total Space | 26,29 Gb Free Space | 7,06% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 637,92 Gb Free Space | 68,48% Space Free | Partition Type: NTFS Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) 
-- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe ========== Modules (No Company Name) ========== MOD - [2011.08.22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll MOD - [2007.06.14 11:52:06 | 001,327,184 | 
---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service) SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC)
DRV:64bit: - [2011.08.19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.02 13:47:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.01 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logitech® Webcam-Software
[2012.01.01 23:41:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2012.01.01 23:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.01.01 23:38:51 | 007,045,480 | ---- | C] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE
[2011.12.31 19:58:56 | 012,417,842 | ---- | C] ( ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2011.12.31 19:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim

========== Files - Modified Within 30 Days ==========

[2012.01.02 13:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.02 13:50:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.02 13:50:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.02 13:49:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.01.02 11:35:05 | 000,029,410 | ---- | M] () -- C:\Users\Andreas\Desktop\Blatt10.pdf
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:20:13 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.02 11:20:13 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.02 11:20:13 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.02 11:20:13 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.02 11:20:13 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.01 23:41:42 | 000,001,112 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.01.01 23:41:05 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012.01.01 23:38:55 | 007,045,480 | ---- | M] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 20:00:22 | 000,012,288 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 19:59:26 | 012,417,842 | ---- | M] ( ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:22 | 008,671,837 | ---- | M] () -- C:\Users\Andreas\Desktop\vdm_free.exe
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) --
C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe [2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg [2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe [2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe [2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe [2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 
18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp [2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2012.01.02 11:35:04 | 000,029,410 | ---- | C] () -- C:\Users\Andreas\Desktop\Blatt10.pdf [2012.01.01 23:41:42 | 000,001,112 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2012.01.01 23:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.01.01 23:41:05 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.12.31 19:58:15 | 008,671,837 | ---- | C] () -- C:\Users\Andreas\Desktop\vdm_free.exe [2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg [2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg [2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg [2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg [2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg [2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg [2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg [2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg [2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg [2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip [2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip [2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe [2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd [2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk [2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif [2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg [2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll [2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip [2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp [2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll [2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll [2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe [2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat [2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2011.08.19 10:26:20 | 
010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini [2010.12.15 13:18:38 | 000,012,288 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd [2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg [2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll 
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft [2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4 [2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk [2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS [2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid [2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome [2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules [2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited [2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry [2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite [2011.01.10 22:23:00 | 000,000,000 | ---D 
| M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame [2012.01.02 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox [2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft [2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot [2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet [2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO [2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw [2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software [2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu [2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake [2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut [2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor [2012.01.01 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech [2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts [2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis [2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU [2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS [2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- 
C:\Users\Andreas\AppData\Roaming\Processing [2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP [2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion [2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System [2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak [2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird [2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client [2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle [2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader [2011.12.31 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE [2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net [2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU [2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |