Pests of all kinds and how to fight them: GVU Trojan incl. "water image" (Windows 7)
02.07.2012, 16:28 | #1

GVU Trojan incl. "water image"

Hello community,

today I caught the ever-popular GVU Trojan. Naturally, how could it be otherwise, right in the middle of exam season -.-

I have got rid of it so far, since old instructions still work: I switched the PC off at the main switch, and then, as so often, an application prevented the shutdown. So I was able to interrupt the shutdown with "Cancel" and search my registry. In doing so I came across a file that has no business being in the "Run" folder but was not visible in safe mode. So I deleted it, including its key in the registry. After a scan with Spybot S&D I restarted, and lo and behold, apart from an error message about a missing 0_0u_l.exe file (Das angegebene Modul wurde nicht gefunden), there is no trace of it any more and my desktop is visible again.

However, I am not entirely sure whether there are still traces to be found after all, so attached are the two logfiles. Is there anything else to do? Many thanks in advance!

OTL.txt, OTL logfile:
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Plc)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysWOW64\drivers\snpstd3.sys (Sonix Co. Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 58 13 30 2E 58 CD 01 [binary data]
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes,DefaultScope = {5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Andy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 20:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 20:54:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.08 20:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2012.07.02 08:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions
[2012.05.17 21:26:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.15 18:55:28 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.18 17:31:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\ich@maltegoetz.de
[2012.01.03 11:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 08:38:32 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.12.08 20:07:57 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.04.02 15:27:06 | 000,027,841 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\MOZREPL@HYPERSTRUCT.NET.XPI
[2012.02.06 20:57:40 | 000,088,244 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\SENDTOPHONE@MARTINEZDELIZARRONDO.COM.XPI
[2012.02.06 20:57:40 | 000,008,470 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\TAGEXT@MICHAELLIEBWEIN.DE.XPI
[2012.06.19 20:54:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 20:54:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 20:54:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:54:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:54:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:54:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:54:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ProductView (Enabled) = C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Andy\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Andy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.4_0\
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: James White = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google+ Benachrichtigungen = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.424_0\
CHR - Extension: Google+ Benachrichtigungen = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.619_0\
CHR - Extension: Google-Suche = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Kalender = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: SENDtoREADER for Google Chrome\u2122 = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdkebeidngpdomidhocbjgjbfbpdbdh\1.0.1_0\
CHR - Extension: Google +1-Schaltfl\u00E4che = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Google Maps = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail-Checker = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD_Display] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CoDeSysControlSysTray] F:\Program Files (x86)\3S CoDeSys\GatewayPLC\CoDeSysControlSysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [GatewaySysTray] F:\Program Files (x86)\3S CoDeSys\GatewayPLC\GatewaySysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Facebook Update] C:\Users\Andy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [KeePass Password Safe] F:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [MmDesignPartner.exe] F:\Program Files (x86)\Mindjet\MindManager 10\MmDesignPartner.exe ()
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Spotify Web Helper] C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Steam] F:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk = F:\Program Files (x86)\Calibre2\calibre.exe ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = F:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = F:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = F:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Link an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Add to Evernote 4.0 - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Link an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @F:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82DCF2C7-9CDF-4980-9E9C-18A97D72FCF4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 - No CLSID value found
O18:64bit: - Protocol\Filter\video/x-flv - No CLSID value found
O18 - Protocol\Filter\video/mp4 - No CLSID value found
O18 - Protocol\Filter\video/x-flv - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.02 16:22:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe [2012.06.27 12:58:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry [2012.06.26 20:46:58 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\MusicBrainz [2012.06.26 20:44:02 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\TagScanner [2012.06.26 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner [2012.06.26 20:06:29 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\pdfforge [2012.06.26 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.26 20:06:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2012.06.26 20:06:27 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.26 20:06:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL 
[2012.06.26 20:06:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.06.26 20:06:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.06.26 20:06:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.06.26 19:24:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2012.06.26 19:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2012.06.25 15:00:21 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.25 15:00:21 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.24 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.06.19 14:52:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 14:52:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 14:52:23 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 14:51:55 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 14:51:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.17 19:35:34 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Macromedia [2012.06.17 17:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.17 17:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.17 17:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2012.06.17 16:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.17 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.17 16:28:26 | 000,000,000 | 
---D | C] -- C:\Program Files\iTunes [2012.06.15 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Programme [2012.06.15 20:15:37 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Spiele [2012.06.15 17:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.06.14 17:42:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 17:42:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 17:42:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 17:42:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 17:42:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 17:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 17:42:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 17:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 17:42:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 17:42:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 17:42:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 17:42:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 17:42:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 17:40:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 17:40:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 17:40:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 17:39:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 17:39:30 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 17:39:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 17:39:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 17:39:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.14 17:38:49 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.11 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\GetFoldersize [2012.06.11 21:03:20 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx [2012.06.11 21:03:20 | 001,005,088 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\SysWow64\TList8.ocx [2012.06.11 21:03:20 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtRTF2.ocx [2012.06.11 21:03:20 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSplitter.ocx [2012.06.11 21:03:20 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSubclass.dll [2012.06.11 21:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetFoldersize [2012.06.11 00:49:48 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Meine empfangenen Dateien [2012.06.11 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\{273A0F53-25A5-4D73-9EEF-BC70A2D26EBB} [2012.06.11 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\{F47A77FA-E564-43F9-9F4C-D5B1FAFF5FF7} [2012.06.11 00:21:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Windows Live [2012.06.11 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\Windows Live [2012.06.08 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Evernote [2012.06.07 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ABBYY [2012.06.07 19:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY PDF Transformer 3.0 [2012.06.07 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2012.06.07 19:05:30 | 000,050,456 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\SysNative\pxc40pma.dll [2012.06.05 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.06.05 17:27:55 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.06.04 17:35:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2012.06.04 17:35:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2012.06.04 17:35:16 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.06.04 17:35:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.06.04 17:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.06.04 17:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012.06.04 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Apple [2012.06.04 17:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.06.04 17:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.06.04 17:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.06.04 17:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.06.04 17:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.06.04 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.06.03 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\OpenTTD [2012.06.03 12:27:19 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD [2012.06.03 11:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3 [1 C:\Users\Andy\Desktop\*.tmp files -> C:\Users\Andy\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.02 16:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job [2012.07.02 16:26:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 16:26:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 16:22:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe [2012.07.02 16:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.02 16:16:06 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.07.02 15:38:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 15:12:16 | 000,001,879 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 13:57:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job [2012.07.02 07:45:16 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job [2012.07.02 07:32:12 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job [2012.06.27 14:26:12 | 000,072,022 | ---- | M] () -- C:\Users\Andy\Desktop\DoubleFacePalm.jpg [2012.06.26 20:44:00 | 000,000,726 | ---- | M] () -- C:\Users\Andy\Desktop\TagScanner.lnk [2012.06.26 20:06:34 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.26 20:06:34 | 000,000,737 | ---- | M] () -- 
C:\Users\Public\Desktop\PDFCreator.lnk [2012.06.26 19:24:41 | 000,000,675 | ---- | M] () -- C:\Users\Andy\Desktop\XMind.lnk [2012.06.24 14:59:16 | 000,001,335 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.06.17 17:57:26 | 000,001,285 | ---- | M] () -- C:\Users\Andy\Desktop\6. Semester - Verknüpfung.lnk [2012.06.17 17:11:46 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.06.17 17:11:01 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.06.17 16:28:55 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.17 16:24:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.17 16:24:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.17 14:57:06 | 000,554,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.15 21:27:16 | 000,001,394 | ---- | M] () -- C:\Users\Andy\Desktop\Andy Scans.lnk [2012.06.15 19:40:06 | 000,000,764 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2012.06.15 06:51:42 | 000,095,232 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.14 18:11:29 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 18:11:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 18:11:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 18:11:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 18:11:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.08 17:58:34 | 000,000,773 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.06.08 17:56:57 | 000,000,659 | ---- | M] () -- C:\Users\Andy\Desktop\Evernote.lnk 
[2012.06.07 23:14:05 | 000,020,434 | ---- | M] () -- C:\Users\Andy\Documents\Rollo-Andy-Thraciel.opt [2012.06.07 23:14:05 | 000,000,718 | ---- | M] () -- C:\Users\Andy\Documents\Rollo-AllUsers.opt [2012.06.04 17:21:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.06.03 18:16:19 | 000,001,048 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [1 C:\Users\Andy\Desktop\*.tmp files -> C:\Users\Andy\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.02 15:12:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 15:12:16 | 000,001,879 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.27 14:26:10 | 000,072,022 | ---- | C] () -- C:\Users\Andy\Desktop\DoubleFacePalm.jpg [2012.06.26 20:46:34 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk [2012.06.26 20:44:00 | 000,000,726 | ---- | C] () -- C:\Users\Andy\Desktop\TagScanner.lnk [2012.06.26 20:06:34 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.26 20:06:34 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.06.26 19:24:41 | 000,000,675 | ---- | C] () -- C:\Users\Andy\Desktop\XMind.lnk [2012.06.17 17:57:26 | 000,001,285 | ---- | C] () -- C:\Users\Andy\Desktop\6. 
Semester - Verknüpfung.lnk [2012.06.17 17:11:46 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.06.17 17:11:01 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.06.17 17:11:01 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2012.06.17 16:28:55 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.15 21:27:16 | 000,001,394 | ---- | C] () -- C:\Users\Andy\Desktop\Andy Scans.lnk [2012.06.15 19:40:06 | 000,000,764 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2012.06.08 17:58:34 | 000,000,773 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012.06.08 17:56:57 | 000,000,659 | ---- | C] () -- C:\Users\Andy\Desktop\Evernote.lnk [2012.06.05 17:54:13 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2012.06.04 17:34:31 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.06.04 17:21:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.06.03 18:16:19 | 000,001,048 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.06 19:16:54 | 000,000,780 | ---- | C] () -- C:\Windows\wiso.ini [2012.05.06 14:07:31 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012.05.03 16:32:43 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 13:30:59 | 000,000,218 | ---- | C] () -- C:\Users\Andy\AppData\Local\recently-used.xbel [2012.04.24 14:53:08 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.04.24 14:53:08 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.04.24 14:53:07 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.04.24 14:53:07 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.04.24 14:53:07 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.04.20 08:56:50 | 000,005,305 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\flexadmin.xml [2012.03.27 14:19:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.27 14:19:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.13 22:20:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.28 00:05:35 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2012.02.28 00:05:29 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2012.02.28 00:05:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2012.02.28 00:05:29 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2012.02.28 00:05:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2012.02.28 00:05:29 | 000,015,498 | ---- | 
C] () -- C:\Windows\snpstd3.ini [2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.24 21:07:36 | 000,000,032 | ---- | C] () -- C:\Users\Andy\.simfy [2011.12.27 15:42:36 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.08 19:46:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.22 05:36:10 | 000,215,112 | ---- | C] () -- C:\Windows\ngmsi.dll [2011.09.22 05:34:00 | 000,021,064 | ---- | C] () -- C:\Windows\ngutil.exe [2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.05.17 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\.minecraft [2011.12.13 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Aventail [2012.05.07 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Buhl Data Service [2012.03.26 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\calibre [2012.03.21 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Canneverbe Limited [2012.05.05 13:29:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\CoDeSys [2011.12.27 17:24:59 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Cornelsen [2011.12.14 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DAEMON Tools Lite [2012.07.02 16:27:16 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Dropbox [2012.03.27 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FreePDF [2012.06.11 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetFoldersize [2012.06.26 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\gSyncit [2012.01.24 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\HTC [2012.04.02 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\KeePass [2012.04.11 18:40:20 | 
000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAGIX [2012.06.26 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MusicBrainz [2012.05.06 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MyPhoneExplorer [2012.05.03 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OnlineHelp [2012.05.28 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Opera [2012.06.26 20:09:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\pdfforge [2012.06.21 07:22:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PTC [2012.01.24 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Simfy [2011.12.09 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sinvise Systems [2012.07.02 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Spotify [2012.06.26 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TagScanner [2012.03.24 11:11:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Titanium [2012.07.02 07:32:12 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job [2012.07.02 13:57:02 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job [2012.05.28 15:35:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/QUOTE] Extras.txt Zitat:
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.02.02
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Andy :: THRACIEL [Administrator]
Schutz: Deaktiviert
02.07.2012 17:49:42
mbam-log-2012-07-02 (17-49-42).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207485
Laufzeit: 3 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Last edited by Thraciel (02.07.2012 at 17:04) |
04.07.2012, 08:04 | #2 |
| GVU Trojan incl. "water image" push..............
11.07.2012, 23:53 | #3 |
/// Helper Team | GVU Trojan incl. "water image" Fixing with OTL: Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes,DefaultScope = {5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F} IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}: "URL" = http://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD_Display] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O32 - HKLM CDRom: AutoRun - 1 [2012.07.02 16:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job [2012.07.02 15:38:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 15:12:16 | 000,001,879 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 15:12:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 15:12:16 | 000,001,879 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.02 07:45:16 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job :Files C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job C:\ProgramData\l_u0_0.pad C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job :Commands ipconfig /flushdns /c [emptytemp] [emptyflash] [resethosts]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
21.07.2012, 23:57 | #4 |
/// Helper Team | GVU Trojan incl. "water image" Missing feedback: Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |