Pests of all kinds and how to fight them: Removing SMART HDD (Windows 7)

#1
Removing SMART HDD

Hello everyone, I have caught the Smart HDD trojan. I have already tried the standard procedure as described here (http://www.trojaner-board.de/113467-...entfernen.html) (rkill, Malwarebytes, OTL, TDSSKiller). Unfortunately, it did not help. It would be great if someone here could help me further.

My OTL log files: OTL logfile:
ATTFilter OTL logfile created on: 29.04.2012 17:20:54 - Run 1 OTL by OldTimer - Version Folder = C:\Users\MyName\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,19% Memory free 6,98 Gb Paging File | 5,46 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 238,29 Gb Total Space | 47,49 Gb Free Space | 19,93% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MyName-PC | User Name: MyName | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.29 17:20:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe PRC - [2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe PRC - [2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe PRC - [2012.04.25 21:05:22 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | -H-- | M] (Malwarebytes Corporation) -- C:\mb\mbamgui.exe PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2011.11.11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.03.17 07:11:30 | 000,019,872 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.03.17 07:10:18 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.04.15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.04.15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.14 03:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe MOD - [2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe MOD - [2012.04.25 21:05:21 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.04.11 14:30:29 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll MOD - [2012.04.11 14:30:19 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll MOD - [2012.04.11 14:30:11 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll MOD - [2012.03.09 23:00:13 | 
000,968,704 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\21hud8n1.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll MOD - [2012.02.29 22:46:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll MOD - [2012.02.29 22:45:18 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll MOD - [2012.02.29 22:45:12 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll MOD - [2012.02.28 20:26:39 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll MOD - [2012.02.28 20:26:34 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll MOD - [2012.02.28 20:26:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll MOD - [2012.02.28 20:26:22 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll MOD - [2011.11.23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2011.11.23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2011.11.23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2011.11.23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2011.11.23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll MOD 
- [2011.11.23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2011.11.23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2011.11.23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2011.11.23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2011.11.23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2011.11.23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2011.11.23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2011.11.23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2011.11.17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2011.11.17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.01 15:33:55 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.08.11 19:45:22 | 000,055,816 | -H-- | M] () -- C:\Users\MyName\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 07:11:30 | 000,019,872 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common 
Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012.04.25 21:05:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.04.15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.04.15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program 
Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.01.31 08:56:33 | 
000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,027,264 
| ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.15 01:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2010.05.15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.05.03 16:11:14 | 000,256,000 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P) DRV - [2007.03.14 01:04:40 | 000,095,712 | ---- | M] (Terratec Electronic GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ews88wdm.sys -- (ews88mt) DRV - [2005.08.18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 9D 0B A0 F1 71 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.stadtrevue.de" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}: FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.54 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.70.0 FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.2.42 FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..network.proxy.http: "" FF - 
prefs.js..network.proxy.http_port: 80 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 00:34:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.04 22:10:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.02 00:11:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Extensions [2011.06.02 00:11:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.29 16:52:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions [2012.04.29 16:43:07 | 000,000,000 | -H-D | M] (SeoQuake) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.04.29 16:43:06 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.29 16:43:06 | 000,000,000 | -H-D | M] (Page Speed) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.04.29 16:43:07 | 000,000,000 | -H-D | M] (LastPass) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\support@lastpass.com [2012.03.04 10:34:47 | 000,003,915 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\21hud8n1.default\searchplugins\sweetim.xml [2012.03.04 13:09:10 | 000,000,000 | ---D 
| M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\TOBIAS@WEBFISH.SE2.XPI [2012.04.25 21:05:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 10:12:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 10:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.03 10:12:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 10:12:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 10:12:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 10:12:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.4\PriceGongIE.dll 
(PriceGong) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Programme\LastPass\LPBar.dll (LastPass) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Programme\LastPass\LPBar.dll (LastPass) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\mb\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [YYtkTUcKcuuqNLK.exe] C:\ProgramData\YYtkTUcKcuuqNLK.exe () O4 - Startup: C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MyName\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\MyName\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass\LPBar.dll (LastPass) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B42161D3-AE48-4AC6-811F-0CE8A4015E2D}: DhcpNameServer = O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell - "" = AutoRun
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.29 17:20:05 | 000,595,456 | -H-- | C] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe
[2012.04.29 17:06:55 | 000,258,560 | -H-- | C] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTH.scr
[2012.04.29 14:08:32 | 000,000,000 | -H-D | C] -- C:\mb
[2012.04.29 14:07:55 | 010,063,000 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\MyName\Desktop\malwarebytes_antimalware_1.61(1).exe
[2012.04.29 13:45:58 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Malwarebytes
[2012.04.29 13:45:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.04.29 13:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 13:45:52 | 000,022,344 | ---- | C] (Malwarebytes
Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.29 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.29 13:42:32 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine [2012.04.29 13:39:49 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0 [2012.04.29 13:09:24 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.04.29 11:35:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\AutoKMS [2012.04.28 13:58:04 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Documents\VideoPad Projects [2012.04.28 12:53:50 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\NVIDIA [2012.04.28 12:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\NCH Software [2012.04.28 12:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2012.04.28 12:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2012.04.28 12:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012.04.28 12:46:16 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\NCH Software [2012.04.28 12:46:08 | 003,941,464 | -H-- | C] (NCH Software) -- C:\Users\MyName\Desktop\vpsetup-243.exe [2012.04.28 12:45:18 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.28 12:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.04.28 12:45:14 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll [2012.04.28 12:45:12 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.04.28 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.04.28 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.04.28 11:19:51 | 000,000,000 | -H-D | C] -- 
C:\Users\MyName\AppData\Roaming\Avira [2012.04.28 11:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.04.28 11:01:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.04.28 11:01:12 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.28 11:01:12 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.28 11:01:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.28 11:01:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2012.04.28 01:09:23 | 000,000,000 | -H-D | C] -- C:\OEMSettings [2012.04.28 01:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR [2012.04.28 01:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG311v3 Smart Wizard [2012.04.28 00:57:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012.04.25 21:05:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla [2012.04.25 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.21 15:43:47 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\kindle [2012.04.14 12:46:14 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\rechnungen xxlfood [2012.04.11 14:30:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.11 14:30:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.11 14:30:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.11 14:30:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.11 14:30:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.11 14:30:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.11 14:28:50 | 003,968,368 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.11 14:28:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.04.11 11:30:51 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard [2012.04.11 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Article Wizard [2012.04.09 21:53:10 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\xml [2012.04.09 11:50:28 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\piwik [2012.04.09 11:48:13 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\04 [2012.04.08 19:49:01 | 000,000,000 | -H-D | C] -- C:\Users\MyName\.easyxmleditor [2012.04.08 19:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy XML Editor [2012.04.08 19:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Easy XML Editor [2012.04.08 19:46:26 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Extensible XML Editor [2012.04.08 19:46:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DB074885-BBA6-46B1-AD15-3339F4915375} [2012.04.08 19:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential XML Editor 1.6 [2012.04.08 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Essential XML Editor 1.6 [2012.04.08 19:45:44 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\Downloads [2012.02.20 19:19:38 | 010,905,632 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe [3 C:\Users\MyName\Desktop\*.tmp files -> C:\Users\MyName\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2077.05.27 10:01:30 | 001,316,154 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.MP3 [2012.04.29 17:24:26 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.29 17:24:26 | 
000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.29 17:20:07 | 000,595,456 | -H-- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe [2012.04.29 17:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.29 17:15:31 | 2811,875,328 | -HS- | M] () -- C:\hiberfil.sys [2012.04.29 17:06:59 | 000,258,560 | -H-- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTH.scr [2012.04.29 15:27:29 | 001,008,141 | -H-- | M] () -- C:\Users\MyName\Desktop\rkill.exe [2012.04.29 14:08:33 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.29 14:08:00 | 010,063,000 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\MyName\Desktop\malwarebytes_antimalware_1.61(1).exe [2012.04.29 14:04:03 | 001,008,141 | -H-- | M] () -- C:\Users\MyName\Desktop\rkill(1).com [2012.04.29 13:39:31 | 001,309,375 | -H-- | M] () -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0.zip [2012.04.29 13:37:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.29 13:37:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.29 13:37:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.29 13:37:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.29 13:22:05 | 000,000,256 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0 [2012.04.29 13:15:04 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-W5zLjqYQGas6Q0r [2012.04.29 13:15:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-W5zLjqYQGas6Q0 [2012.04.29 13:09:24 | 000,000,675 | -H-- | M] () -- C:\Users\MyName\Desktop\Data_Recovery.lnk [2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe [2012.04.29 13:05:17 | 000,000,600 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\winscp.rnd [2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe [2012.04.28 15:48:52 | 016,699,948 | 
-H-- | M] () -- C:\Users\MyName\Desktop\enik5.wav [2012.04.28 15:21:43 | 016,699,948 | -H-- | M] () -- C:\Users\MyName\Desktop\enik4.wav [2012.04.28 15:14:48 | 016,377,968 | -H-- | M] () -- C:\Users\MyName\Desktop\enik3.wav [2012.04.28 14:59:51 | 000,002,272 | -H-- | M] () -- C:\Users\MyName\Desktop\Free Video to MP3 Converter.lnk [2012.04.28 14:59:51 | 000,001,221 | -H-- | M] () -- C:\Users\MyName\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.28 14:47:12 | 011,967,916 | -H-- | M] () -- C:\Users\MyName\Desktop\eink2.wav [2012.04.28 14:26:35 | 000,226,728 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.HM2 [2012.04.28 14:26:35 | 000,020,064 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.HMP [2012.04.28 13:27:28 | 012,428,264 | -H-- | M] () -- C:\Users\MyName\Desktop\eink.wav [2012.04.28 12:46:13 | 003,941,464 | -H-- | M] (NCH Software) -- C:\Users\MyName\Desktop\vpsetup-243.exe [2012.04.28 12:45:15 | 000,001,284 | -H-- | M] () -- C:\Users\MyName\Desktop\Free YouTube Download.lnk [2012.04.27 23:09:24 | 000,000,032 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\msregsvv.dll [2012.04.27 23:09:24 | 000,000,032 | -H-- | M] () -- C:\ProgramData\autobk.inc [2012.04.23 21:27:48 | 255,433,843 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.04.23 19:52:03 | 000,072,150 | -H-- | M] () -- C:\Users\MyName\Desktop\denic_xxlfood.de.JPG [2012.04.22 15:36:10 | 000,045,383 | -H-- | M] () -- C:\Users\MyName\Desktop\swsws.wma [2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.04.15 16:57:41 | 013,698,809 | -H-- | M] () -- C:\Users\MyName\Desktop\wdr5_toene_texte_bilder_20120414.mp3 [2012.04.14 13:53:09 | 000,090,177 | -H-- | M] () -- C:\Users\MyName\Desktop\lebensmittel.jpg [2012.04.13 15:56:00 | 000,000,804 | -H-- | M] () -- C:\Users\MyName\Desktop\config.php [2012.04.11 11:30:53 | 000,003,035 | -H-- | M] () -- C:\Users\MyName\Desktop\Article Wizard.lnk [2012.04.09 21:35:06 | 000,002,634 | -H-- | M] () -- 
C:\Users\MyName\Desktop\node.xml [2012.04.09 21:09:49 | 000,001,307 | -H-- | M] () -- C:\Users\MyName\Desktop\xmlfehler.xml [2012.04.09 11:46:17 | 000,000,044 | -H-- | M] () -- C:\Users\MyName\Desktop\Wir finden für Dich das beste XXL Restaurant - XXLfood.de.URL [2012.04.08 19:48:54 | 000,001,063 | -H-- | M] () -- C:\Users\MyName\Desktop\Easy XML Editor.lnk [2012.04.08 19:48:54 | 000,001,031 | -H-- | M] () -- C:\Users\MyName\Desktop\XML Dog.lnk [2012.04.08 19:47:16 | 000,009,423 | -H-- | M] () -- C:\Users\MyName\Desktop\Item.xml [2012.04.07 16:26:21 | 000,019,730 | -H-- | M] () -- C:\Users\MyName\Desktop\logos-breit-bw.png [2012.04.07 16:26:21 | 000,000,132 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.04.07 15:27:05 | 000,112,250 | -H-- | M] () -- C:\Users\MyName\Desktop\1live.jpg [2012.04.07 15:14:01 | 000,118,424 | -H-- | M] () -- C:\Users\MyName\Desktop\buero.jpg [2012.04.07 14:41:35 | 000,112,828 | -H-- | M] () -- C:\Users\MyName\Desktop\landschaft.jpg [2012.04.06 17:41:52 | 000,004,332 | -H-- | M] () -- C:\Users\MyName\Desktop\contact_btn_red.png [2012.04.06 17:12:42 | 000,039,317 | -H-- | M] () -- C:\Users\MyName\Desktop\logos-breit.png [2012.04.06 15:59:34 | 000,020,813 | -H-- | M] () -- C:\Users\MyName\Desktop\telefon.JPG [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.01 14:44:08 | 000,690,589 | -H-- | M] () -- C:\Users\MyName\Desktop\logo_page1.png [3 C:\Users\MyName\Desktop\*.tmp files -> C:\Users\MyName\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.29 15:27:25 | 001,008,141 | -H-- | C] () -- C:\Users\MyName\Desktop\rkill.exe [2012.04.29 14:08:33 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.29 14:04:02 | 001,008,141 | -H-- | C] () -- C:\Users\MyName\Desktop\rkill(1).com [2012.04.29 
13:39:30 | 001,309,375 | -H-- | C] () -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0.zip [2012.04.29 13:09:29 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-W5zLjqYQGas6Q0r [2012.04.29 13:09:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-W5zLjqYQGas6Q0 [2012.04.29 13:09:24 | 000,000,675 | -H-- | C] () -- C:\Users\MyName\Desktop\Data_Recovery.lnk [2012.04.29 13:09:21 | 000,221,184 | -H-- | C] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe [2012.04.29 13:09:21 | 000,000,256 | -H-- | C] () -- C:\ProgramData\W5zLjqYQGas6Q0 [2012.04.29 13:03:42 | 000,300,544 | -H-- | C] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe [2012.04.28 15:48:51 | 016,699,948 | -H-- | C] () -- C:\Users\MyName\Desktop\enik5.wav [2012.04.28 15:21:42 | 016,699,948 | -H-- | C] () -- C:\Users\MyName\Desktop\enik4.wav [2012.04.28 15:14:47 | 016,377,968 | -H-- | C] () -- C:\Users\MyName\Desktop\enik3.wav [2012.04.28 14:59:51 | 000,002,272 | -H-- | C] () -- C:\Users\MyName\Desktop\Free Video to MP3 Converter.lnk [2012.04.28 14:59:51 | 000,001,221 | -H-- | C] () -- C:\Users\MyName\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.28 14:47:11 | 011,967,916 | -H-- | C] () -- C:\Users\MyName\Desktop\eink2.wav [2012.04.28 14:24:22 | 000,226,728 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.HM2 [2012.04.28 14:24:22 | 000,020,064 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.HMP [2012.04.28 14:23:34 | 001,316,154 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.MP3 [2012.04.28 13:27:24 | 012,428,264 | -H-- | C] () -- C:\Users\MyName\Desktop\eink.wav [2012.04.28 12:45:15 | 000,001,284 | -H-- | C] () -- C:\Users\MyName\Desktop\Free YouTube Download.lnk [2012.04.23 19:52:02 | 000,072,150 | -H-- | C] () -- C:\Users\MyName\Desktop\denic_xxlfood.de.JPG [2012.04.22 15:36:10 | 000,045,383 | -H-- | C] () -- C:\Users\MyName\Desktop\swsws.wma [2012.04.15 16:57:33 | 013,698,809 | -H-- | C] () -- C:\Users\MyName\Desktop\wdr5_toene_texte_bilder_20120414.mp3 [2012.04.14 13:53:07 | 000,090,177 | -H-- | C] () -- 
C:\Users\MyName\Desktop\lebensmittel.jpg [2012.04.13 15:56:00 | 000,000,804 | -H-- | C] () -- C:\Users\MyName\Desktop\config.php [2012.04.11 11:30:53 | 000,003,035 | -H-- | C] () -- C:\Users\MyName\Desktop\Article Wizard.lnk [2012.04.09 21:26:49 | 000,002,634 | -H-- | C] () -- C:\Users\MyName\Desktop\node.xml [2012.04.09 21:09:49 | 000,001,307 | -H-- | C] () -- C:\Users\MyName\Desktop\xmlfehler.xml [2012.04.09 11:46:17 | 000,000,044 | -H-- | C] () -- C:\Users\MyName\Desktop\Wir finden für Dich das beste XXL Restaurant - XXLfood.de.URL [2012.04.08 19:48:54 | 000,001,063 | -H-- | C] () -- C:\Users\MyName\Desktop\Easy XML Editor.lnk [2012.04.08 19:48:54 | 000,001,031 | -H-- | C] () -- C:\Users\MyName\Desktop\XML Dog.lnk [2012.04.08 19:47:16 | 000,009,423 | -H-- | C] () -- C:\Users\MyName\Desktop\Item.xml [2012.04.07 15:27:03 | 000,112,250 | -H-- | C] () -- C:\Users\MyName\Desktop\1live.jpg [2012.04.07 15:12:04 | 000,118,424 | -H-- | C] () -- C:\Users\MyName\Desktop\buero.jpg [2012.04.07 14:36:51 | 000,112,828 | -H-- | C] () -- C:\Users\MyName\Desktop\landschaft.jpg [2012.04.06 17:05:31 | 000,019,730 | -H-- | C] () -- C:\Users\MyName\Desktop\logos-breit-bw.png [2012.04.06 17:04:52 | 000,039,317 | -H-- | C] () -- C:\Users\MyName\Desktop\logos-breit.png [2012.04.06 15:59:34 | 000,020,813 | -H-- | C] () -- C:\Users\MyName\Desktop\telefon.JPG [2012.04.01 21:04:41 | 000,690,589 | -H-- | C] () -- C:\Users\MyName\Desktop\logo_page1.png [2012.01.15 14:09:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.14 19:46:13 | 000,000,218 | -H-- | C] () -- C:\Users\MyName\AppData\Local\recently-used.xbel [2012.01.14 19:40:26 | 000,003,515 | -H-- | C] () -- C:\Users\MyName\AppData\Local\gnucash.gnucash [2012.01.14 18:34:34 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.01.10 15:27:10 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.10.02 10:37:52 | 000,002,079 | -H-- | C] () -- 
C:\Users\MyName\AppData\Roaming\SAS7_000.DAT [2011.09.12 20:49:56 | 000,002,892 | -H-- | C] () -- C:\Windows\System32\audcon.sys [2011.09.12 20:49:19 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg [2011.09.12 20:49:18 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe [2011.09.11 16:21:42 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe [2011.09.11 16:21:42 | 000,011,775 | ---- | C] () -- C:\Windows\unins000.dat [2011.07.30 13:04:41 | 000,000,132 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.07.28 22:56:48 | 000,000,032 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\msregsvv.dll [2011.07.28 22:56:48 | 000,000,032 | -H-- | C] () -- C:\ProgramData\autobk.inc [2011.07.09 21:53:29 | 000,000,132 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.06.02 00:52:46 | 000,000,600 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\winscp.rnd [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.05.12 14:28:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.03 00:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll [2011.05.03 00:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll [2011.05.02 22:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2011.05.02 22:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2011.05.02 22:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.03.18 23:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2011.03.18 23:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2011.03.18 23:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2011.03.18 23:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2011.03.18 23:26:44 | 000,484,864 | ---- | C] () -- 
C:\Windows\System32\ff_libfaad2.dll [2011.03.18 23:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2011.03.18 23:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2011.03.06 21:11:08 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011.03.06 21:07:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll [2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll [2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll [2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll [2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll [2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll [2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll [2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll [2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.02.22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll 
[2011.02.22 21:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.11 19:10:52 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2011.02.11 19:10:52 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2011.02.11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.11.21 02:46:14 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 02:46:14 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD < End of report > EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2012 17:20:54 - Run 1
OTL by OldTimer - Version Folder = C:\Users\MyName\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,19% Memory free
6,98 Gb Paging File | 5,46 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 238,29 Gb Total Space | 47,49 Gb Free Space | 19,93% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MyName-PC | User Name: MyName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39C6420F-801D-40DB-BAC1-AAF9E95DD4A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{56E48015-87EA-4541-9ECE-9A2BDFEB3EE1}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E62888F-D4D8-43DF-A699-A9481FB3E8BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60BB8577-C730-49FA-AB2C-93DC868F5554}" = rport=139 | protocol=6 | dir=out | app=system |
"{62C1F64F-4FE3-41BE-A768-23807F7287BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63085E07-224B-4DE2-8DD3-96CDFD084F9F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6A46704C-3441-469D-8528-63471B17A40A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6D54AC2A-741D-42B1-A110-FEFCC1DE1911}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{7514E25E-57CF-43BE-9EF8-1ECFBD3CD6E2}" = lport=3389 | protocol=6 | dir=in | app=system | "{80CCCF70-3A7C-4A0B-A307-6C25B6630866}" = lport=445 | protocol=6 | dir=in | app=system | "{9280C433-D59E-4DB6-A1C5-9CC4B640F538}" = rport=445 | protocol=6 | dir=out | app=system | "{B02DCFE8-309A-40C6-8169-A9036545DE81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B8F17D96-58E7-41FB-A9BC-93E4211B3D91}" = lport=139 | protocol=6 | dir=in | app=system | "{D6115386-DAA2-43BF-B0CB-388B23CCBAB5}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{E33A9331-3CF8-4D26-AB0E-1C76BBDF23FA}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C6F1241-91D7-4A74-9FE8-7E2CA58B6B64}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{1A949648-9D55-4008-B762-BAB0925E7C1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A5AAFEA-32C7-4CB0-B1A5-605E66D6639D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{2C9EAD0B-C012-4CF5-BA62-D4E0FEE560C7}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | "{2CB0843C-5D23-4703-B4E5-BE00AF84FC6A}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | "{3399AD86-AABE-4EFA-9340-3CDC98764142}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{39CFA262-5729-4F96-AD4E-B7AFCDA09791}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3B41D0C4-9CA0-4C79-BD0B-A7D1511C1610}" = dir=in | app=c:\program files\itunes\itunes.exe | "{47079AD3-F3CD-4FBE-A0E5-59D491446B26}" = protocol=6 | dir=in | 
app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | "{4E74FAC1-9828-4286-B82F-668CE5F0BFEB}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{54C83B4D-A709-4512-80CD-6CE3DB4AE035}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{58C0A869-6AB5-4612-BEF2-B784E1AC6E46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{591E46CB-F57B-4A21-9B51-E9E9DEFB7E78}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | "{59853D53-57C4-4F20-9B4B-9D78DEA6FC7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5BA22A12-86BE-4643-917C-CC8706CF265D}" = protocol=6 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | "{6035BFD1-91DC-4AA0-8337-CD87B1B39B9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{611A57C4-EA05-443C-9DD1-10AE7DE7330F}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | "{63E4450A-368F-40F2-A5DC-BA1EC1F403C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{64BFD506-10EC-45A4-84ED-0C4C7F2E7058}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{6EF5605B-956A-4D41-A408-60CA057552CD}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | "{6F31E55A-DF65-480B-B25D-11A929E73FB2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | "{75CFCDA7-BD2B-4916-892B-B418FB753861}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{78853E33-B2C2-4CE3-A1FB-C58502BFB35F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8B65C02D-04BE-40AF-9913-8FF8DD22DC5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A19A9979-D11D-4D3D-86B0-1E0B0D29DDD3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 
2070\anno5.exe | "{A1BD4D3D-0B34-4CEE-983A-0FDAAE992EC7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{B255DD69-5DB0-48E9-88AE-04634E47F389}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{B4097B91-8686-468B-BF3C-DD5282CDF144}" = protocol=17 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | "{B7CAEB73-EACC-4CDD-9EA7-3012D9B1FA84}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{D7C280BA-BB33-4801-9333-F244B6CDFE47}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{EE32C59D-0876-4264-85E8-E6F0A17EBB1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | "{F73C7A12-7845-41F5-9D8E-14F71949F81D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "TCP Query User{6DF5F95A-76D7-4460-929F-0EAC5F3A409B}C:\program files\netbeans 7.0.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.0.1\bin\netbeans.exe | "TCP Query User{BB341829-A956-424C-9080-DCE6E88365D7}C:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{99EE11F9-DA7B-4E4D-8EE7-377A94F0B8B5}C:\program files\netbeans 7.0.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.0.1\bin\netbeans.exe | "UDP Query User{C40D71C1-AEA8-422D-8B8D-D27FDA8625DE}C:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help 
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 "{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{35EF5571-957E-4C0A-A34D-0E4BF14B563C}_is1" = iPad File Explorer 1.25 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking "{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter "{71A53652-B627-41A4-A8A6-55AA3A92EF47}" = Samplitude 11.5 Producer Download Version "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{771D8BC7-74D6-4FE5-85C9-13EC7401EB92}" = Excellent Analytics "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 17.0.1000.0 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D432C227-3FA3-44AB-BEE8-E665133BDD23}" = UBot "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.5.1 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FEF82C7B-A738-4EE2-9600-39895B21506F}" = PHASE 88 ControlPanel "Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro "Addictive Drums Inno Setup_is1" = Addictive Drums 1.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Deus Ex Human Revolution_is1" = Deus Ex Human Revolution "Easy XML Editor_is1" = Easy XML Editor 1.6.6 "eLicenser Control" = eLicenser Control "Essential XML Editor" = Essential XML Editor "foobar2000" = foobar2000 v1.1.6 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version "Free 
YouTube Download_is1" = Free YouTube Download version "Git_is1" = Git version 1.7.6-preview20110708 "GnuCash_is1" = GnuCash 2.4.9 "Heroku_is1" = Heroku version 2.11.0 "IETester" = IETester v0.4.11 (remove only) "InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LastPass" = LastPass (nur deinstallieren) "Live 8.0.4" = Live 8.0.4 "MAGIX_MSI_Samplitude_115_Producer" = Samplitude 11.5 Producer Download Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "nbi-nb-base-" = NetBeans IDE 7.0.1 "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "PriceGong" = PriceGong 2.5.4 "Revo Uninstaller" = Revo Uninstaller 1.93 "Screaming Frog SEO Spider" = Screaming Frog SEO Spider "UseNeXT_is1" = UseNeXT "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 1.1.9 "Waldorf Largo" = Waldorf Largo "Waves Mercury Bundle" = Waves Mercury Bundle "Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "winscp3_is1" = WinSCP 4.3.3 "xampp" = XAMPP 1.7.4 "XviD" = XviD MPEG-4 Codec "YTdetect" = Yahoo! 
Detect "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290 "Dropbox" = Dropbox "Leela lite 0.3.16" = Leela lite - the Go Program "Tropico 4" = Tropico 4 1.00 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.04.2012 09:02:26 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 13.04.2012 11:41:35 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 13.04.2012 18:29:04 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 14.04.2012 06:36:38 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 14.04.2012 10:15:53 | Computer Name = MyName-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: httpd.exe, Version:, Zeitstempel: 0x4cbbe9e8 Name des fehlerhaften Moduls: php5ts.dll, Version:, Zeitstempel: 0x4d26013e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c5c6 ID des fehlerhaften Prozesses: 0x1240 Startzeit der fehlerhaften Anwendung: 0x01cd1a413bb8d224 Pfad der fehlerhaften Anwendung: C:\xampp\apache\bin\httpd.exe Pfad des fehlerhaften Moduls: C:\xampp\php\php5ts.dll Berichtskennung: 578606e9-863c-11e1-b0b2-1c6f65a75208 Error - 14.04.2012 15:35:45 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 14.04.2012 18:03:54 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 14.04.2012 18:39:53 | Computer Name = MyName-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 15.04.2012 06:38:26 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = Error - 15.04.2012 09:01:05 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 29.04.2012 11:15:42 | Computer Name = MyName-PC | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren der Veröffentlichung von Ressourcen für Kanal "DebugChannel" erkannt. Falls ein direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das Protokollieren der Ressourcen nicht initialisiert werden konnte. Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102 Description = Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102 Description = Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102 Description = Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > |
| #2 |
/// Malware-holic | Remove SMART HDD
Hi,
open Malwarebytes, go to the reports, and post all logs. Open C:, open tdss-killer-datum-version.txt there, and post its contents.
| #3 |
| Remove SMART HDD
Thanks for the quick reply.
The problem seems to have resolved itself after I removed some strange hidden files in the program directory.
| #4 |
/// Malware-holic | Remove SMART HDD
Yes, but "seems" is hardly enough. Please continue as described in the first post.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us