Log analysis and evaluation: Encryption trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.08.2012, 22:36 | #1 |
Encryption trojan

Hello, unfortunately it has hit me too, and I would be very glad if you could help me.

malwarebytes

The scans were run in Safe Mode. You will find the Extras.txt file in the attachment, as the text would otherwise be too large.

OTL.txt:
Code:
ATTFilter OTL logfile created on: 11.08.2012 23:12:39 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 81,47% Memory free 8,00 Gb Paging File | 7,27 Gb Available in Paging File | 90,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 900,41 Gb Total Space | 438,07 Gb Free Space | 48,65% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 12,07 Gb Free Space | 40,23% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.11 23:10:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2012.08.07 08:43:41 | 001,229,848 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ========== Modules (No Company Name) ========== MOD - [2012.08.07 08:43:40 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll MOD - [2012.08.07 08:43:39 | 012,235,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll MOD - [2012.08.07 08:43:37 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll MOD - [2012.08.07 08:42:09 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\avutil-51.dll MOD - [2012.08.07 08:42:08 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\avformat-54.dll MOD - [2012.08.07 08:42:07 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 19:57:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 19:57:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2010.07.08 14:18:30 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService) SRV - [2010.06.08 10:46:24 | 000,153,808 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.08 19:57:40 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:57:40 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.23 21:18:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.12.23 21:18:36 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011.08.15 10:04:50 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.08.19 
19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2010.02.06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.08.09 19:58:17 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.09.10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2AF1FBEF-8D52-4607-9141-044C1D4455CC} IE - HKCU\..\SearchScopes\{2AF1FBEF-8D52-4607-9141-044C1D4455CC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deAT444 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..keyword.URL: 
"hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.05 22:42:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.20 22:06:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.05 22:42:19 | 000,000,000 | ---D | M] [2012.06.02 13:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.06.02 13:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jwsaglir.default\extensions [2012.06.02 13:49:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jwsaglir.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.05.31 08:39:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- 
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jwsaglir.default\extensions\foxyproxy@eric.h.jung [2012.06.02 13:49:55 | 000,002,519 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jwsaglir.default\searchplugins\Search_Results.xml [2012.06.02 13:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.02 13:50:01 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012.05.18 15:30:38 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JWSAGLIR.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI [2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.02 13:49:55 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Angry Birds = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Embed WMPlayer inline = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bamkbfdmckphehgiafpenehgebjgdlli\1.2.1_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Monster Dash = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\ CHR - Extension: LCD Fixer = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmlagaadacpkjapahjpdhcmmpjbgnfl\1.2_0\ CHR - Extension: uTorrentBar_DE = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\ CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\ CHR - Extension: Plink = C:\Users\Daniel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\loeiekheegipnnbcfbfkanbbegkhjjcm\1.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: TypingClub = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\4.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SFBAD.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe () O4 - HKCU..\Run: [TsUsbRedirectionGroupPolicyExtension] C:\Users\Daniel\AppData\Local\Microsoft\Windows\4551\TsUsbRedirectionGroupPolicyExtension.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{273677BE-5DA1-4363-BAB6-461A7C552C3C}: DhcpNameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43C5B605-49E7-4D57-8F0D-416711A51FC5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0D363D7-5DAE-424A-9F71-26FC7611C95C}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0574268e-2e57-11e1-ac68-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{0574268e-2e57-11e1-ac68-6c626d41252f}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0c3d6396-2d9b-11e1-b3c3-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c3d6396-2d9b-11e1-b3c3-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2d99c70a-c2b0-11e0-9e45-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d99c70a-c2b0-11e0-9e45-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2d99c718-c2b0-11e0-9e45-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d99c718-c2b0-11e0-9e45-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2d99c7f3-c2b0-11e0-9e45-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d99c7f3-c2b0-11e0-9e45-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{49f2f2d3-de2d-11e0-8451-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{49f2f2d3-de2d-11e0-8451-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{728f551a-c376-11e0-8384-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{728f551a-c376-11e0-8384-6c626d41252f}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b4b9b4b6-2d45-11e1-8801-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{b4b9b4b6-2d45-11e1-8801-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b4b9b4d2-2d45-11e1-8801-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{b4b9b4d2-2d45-11e1-8801-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{cb82e70f-5d4d-11e1-8e0e-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{cb82e70f-5d4d-11e1-8e0e-6c626d41252f}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{d922d487-3943-11e1-ab84-6c626d41252f}\Shell - "" = AutoRun
O33 - MountPoints2\{d922d487-3943-11e1-ab84-6c626d41252f}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.08.11 23:10:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.08.11 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C5C26212-8DBB-42F5-B843-8AFA35D61891}
[2012.08.11 23:05:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B6D7A21C-170C-4ACA-B196-EC99EF4E032C}
[2012.08.11 22:59:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.11 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.11 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 22:59:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.11 22:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.11 22:59:28 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.11 22:54:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2E6C2C70-FD3F-4098-BCAB-85CC807D06D7}
[2012.08.11 21:49:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C92DCF6E-7772-4D7E-B2CC-1D94E0D62E29}
[2012.08.11 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E95B90B5-04CB-4749-8AD1-F8C1DB13CE80}
[2012.08.11 21:47:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{59A51E74-511A-4B86-8508-6D56807F25F9}
[2012.08.11 21:46:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F9FF2C5B-E164-46D2-8657-CAE7BEBE2EDD}
[2012.08.11 21:45:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\hellomoto
[2012.08.11 21:35:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{19C23DF5-DEA5-4F2C-BD17-5F8FCB71A97C}
[2012.08.11 21:35:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9310ECCA-3F34-4DAC-8EDF-FDA563BD03D0}
[2012.08.10 17:27:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E65E8C47-873D-431F-9871-AB00CFE47085}
[2012.08.10 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3EDD3B59-9D53-4516-9E0C-5AA6395EAF73}
[2012.08.10 16:58:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E82FD5FD-0F5F-4C4E-8E89-67BC68FB71F0}
[2012.08.10 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DAA2C77A-BFA5-46F0-A839-56EC1477366A}
[2012.08.10 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DF48999E-7E9C-4CF0-8FC2-E7E39DFE8774}
[2012.08.10 12:06:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A982F33A-CFF8-4CBB-84AB-2B128F47686F}
[2012.08.09 21:24:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{56C36499-85DF-4017-96B5-50E202E6EAC0}
[2012.08.09 21:24:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7217C04C-D3AF-4A67-AFED-E4DA3611CF96}
[2012.08.09 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\daniel
[2012.08.09 12:38:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Danki_Dateien
[2012.08.09 12:20:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\nina
[2012.08.09 11:40:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CE7F046D-AB95-4183-B1B1-CADF41A40D8E}
[2012.08.09 11:39:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8FBEC492-1A1C-48CA-8238-4AF6EB51137C}
[2012.08.08 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C2993729-0C88-4974-A961-59276A48B62E}
[2012.08.08 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{240668ED-9909-4308-9A52-D03F08EB7CF9}
[2012.08.07 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C6F669A8-BA84-4AAE-8AFA-6BB2E008F4FB}
[2012.08.07 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{40BDE61E-6216-4688-BEF6-A4C4D818B0FD}
[2012.08.07 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{84B26D41-2B62-44B5-8A2E-0598FE7C66B9}
[2012.08.07 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BC25C929-AF5B-4977-B35F-2D7321BB0530}
[2012.08.07 10:58:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{885D6778-5B58-4FAA-930C-016449CD6FED}
[2012.08.07 10:58:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DE2D4110-2E52-42D4-ACE7-EC8BDB07C756}
[2012.08.06 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CB55E6CE-E42E-493C-9688-C012103FFDBA}
[2012.08.06 21:14:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1C610409-B185-48B8-A8EC-D0E8367948F5}
[2012.08.06 15:38:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AABC08BA-7901-457C-9889-A1F82C89611A}
[2012.08.06 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A834B07C-A0EC-4510-B3DE-E039E6E90CBB}
[2012.08.05 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{303D0360-C1D3-4251-8838-E67B83236B7C}
[2012.08.05 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FB8AE08A-1E57-4289-A560-91205A950B7B}
[2012.08.05 15:45:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7CE3387D-8DF7-44E0-B20B-4445B6637AC8}
[2012.08.05 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C7A263AA-3E3D-47EC-98A9-D4FE002646CC}
[2012.08.05 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{61AF6ABB-2DD1-4A91-8E40-E776F4995FBA}
[2012.08.05 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{33C71BB5-840F-4C60-B6E5-C99226712AAD}
[2012.08.04 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FB7D91B1-AA9C-4E7C-97FD-33371BB46DA7}
[2012.08.04 16:51:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B53D272F-AE74-43AE-94F2-464A09318C32}
[2012.08.04 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1AEEBDFC-981E-477D-8675-95E6E08E5A42}
[2012.08.04 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{599EA575-A55F-489A-9399-149A786CBB7E}
[2012.08.04 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F7C9CAC3-1D64-4515-B35C-67D2DA814ECD}
[2012.08.04 15:33:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3877843F-C4C2-4426-9217-18BFCB63D55D}
[2012.08.04 13:04:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F1ED66AB-6B72-4BBC-B60A-91CAA7EC2DB5}
[2012.08.04 13:00:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{50D530D8-DF88-43CD-A91C-90E567B90CA3}
[2012.08.04 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BC942F67-024B-436D-B13E-536958AFBAA6}
[2012.08.04 12:53:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1D12C6E3-70BA-4A12-84D5-FB3E2096E6F0}
[2012.08.04 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FD01925D-AB3E-4243-9E2F-BDAB771AD586}
[2012.08.04 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6DF140E0-EFD8-427A-A1B9-CB031F8AD97E}
[2012.08.04 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C66CC31B-22B3-49AD-85E7-D2BC8510EEB9}
[2012.08.04 11:17:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{663C8C24-0FE2-43A1-BCDC-5EA0F429DD1E}
[2012.08.04 08:47:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E227AED9-164C-4076-A5E7-89F9EF13E4FC}
[2012.08.04 08:46:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{86FF9A93-0D44-4F11-AB62-50C013E6E370}
[2012.08.03 12:40:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{288F3EFF-9F81-40D7-ADBE-518D5ACBA3E6}
[2012.08.03 12:40:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{73F07899-5750-4CEF-9AAD-A1226C6FD046}
[2012.08.03 12:34:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{23CEB187-911B-4E6C-9DE5-CB83DE3BACAC}
[2012.08.03 10:39:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DD313B49-CB4B-494D-B52D-C570A5E0D761}
[2012.08.03 10:39:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{73EBB02F-D859-4678-9E20-115A25816BF2}
[2012.08.03 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2B2002F8-786E-468B-9338-2BD2AC8035BE}
[2012.08.03 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{91759D9D-848E-489D-8F9F-AF4D97728C10}
[2012.08.02 21:24:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4132DC7D-B6F5-434C-B664-9A44B988AC20}
[2012.08.02 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5C10F65F-576F-416E-833B-3079187D1E5F}
[2012.08.02 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{66C4EEA7-3FD4-475B-B763-6EFBE75DB35E}
[2012.08.02 17:53:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C057D322-B873-4690-9EBD-C519B74C586C}
[2012.08.02 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F2216F3F-42E9-421E-BB99-F07ECE6F06C3}
[2012.08.02 13:00:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C36DB5DE-CB25-4F7C-9C92-B5408D75A6D4}
[2012.08.02 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{46B2C337-12BE-426B-8DD1-15EBA414D345}
[2012.08.02 12:59:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8CF73D5C-2FEF-41E5-AE3B-ACBD33DFE5D3}
[2012.08.02 12:59:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{68680B59-3907-4939-A4B5-C5074331D7CC}
[2012.08.02 12:59:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D4C24759-241C-4C8B-BA38-1C274A384689}
[2012.08.02 11:12:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A431C274-124D-4495-8ECD-8544D9920048}
[2012.08.02 11:11:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{73350C27-D24E-47CB-834E-53ACD5162836}
[2012.08.01 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6E187D89-E556-498E-8944-E39E1FA52F45}
[2012.08.01 12:32:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7AF0CE6C-FAD1-42D5-A5E9-636B6DE59B57}
[2012.07.31 20:05:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DC52E81A-CB26-4474-B4F0-900CBC922AAD}
[2012.07.31 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F6C29BA2-DF9A-48E6-88BF-785313106383}
[2012.07.31 17:33:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2CCFC28E-3FA8-4E5E-9DC3-D56895106F63}
[2012.07.31 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DE73FA05-AF6C-49FF-A100-32A590F5C1DE}
[2012.07.31 16:42:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\WB Games
[2012.07.31 15:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham City
[2012.07.31 15:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rocksteady
[2012.07.31 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{47A4D457-5864-4751-BBDA-B3B6F0E8A00B}
[2012.07.31 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BD9D9187-D8B7-4217-B60B-A39AAF2634FC}
[2012.07.30 14:38:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{28F4F750-2A7B-4406-860C-64EED956EBA3}
[2012.07.30 14:34:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C57409F2-DC41-4C96-BF24-4ACD8D1434C5}
[2012.07.30 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AF0BDF07-C349-4D40-B363-31652EFB2C0B}
[2012.07.30 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3D519DDA-D53D-426C-96C7-9D100CF7DFD9}
[2012.07.29 20:09:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Binaries
[2012.07.29 19:12:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\FIFA 12
[2012.07.29 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Official Winter Transfers Update
[2012.07.29 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BC210357-E9DF-4E51-BB96-70ABFD02906F}
[2012.07.29 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BF93AA37-D5CA-4F94-A062-5EE52C81FC7D}
[2012.07.29 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{ECFA074E-EAF7-416D-BBB3-AFFA75A41DA9}
[2012.07.29 11:32:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{34808983-BECA-4BC4-BFE2-69F43E1DBDCF}
[2012.07.29 11:14:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AF568337-D419-4EE3-B24E-DA2709ABD060}
[2012.07.29 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4FD53820-BD2F-4A5E-A5E3-569BBEA38AA4}
[2012.07.28 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{22C80B24-9340-45F1-ABBC-C85A64C3DE0C}
[2012.07.28 21:29:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{062BFA1F-6536-489E-96DB-F16D175A8492}
[2012.07.28 17:23:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{ABD160A3-D767-43A4-8FD8-B1C732F70D6E}
[2012.07.28 12:07:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B57BBE27-EFD0-46D5-A5A7-2B70FEA852CA}
[2012.07.28 12:07:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{45DFD7F1-9A24-42E0-AF8C-ED42BBA74D73}
[2012.07.27 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\YourFileDownloader
[2012.07.27 16:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2012.07.27 16:28:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A59CC565-A5AE-48C7-8B99-68A11732C222}
[2012.07.27 16:28:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{ABC68E0A-CF88-45FB-A0FC-B4B138AF7B21}
[2012.07.27 11:59:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{43689E5E-CB1A-4E5E-A4F6-7F428C4BB2CC}
[2012.07.27 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E74368A6-3B8C-48BE-8CFB-576F118CCF23}
[2012.07.26 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{271AE91A-86CF-4344-9349-133A00BE4F35}
[2012.07.26 12:59:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{10F1132E-8A02-4056-AE9E-E37B942D576F}
[2012.07.25 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BEA61D7F-C1B4-4752-B283-51DA1250F3A1}
[2012.07.25 20:19:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1C10A6FC-B93C-44F9-A0BC-A53952B72F7E}
[2012.07.25 17:45:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{58FB2F3A-7DD3-4791-9AB8-E96E6D1C9085}
[2012.07.25 17:45:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{18F137BC-7F81-41E6-BBB9-31232D07406F}
[2012.07.25 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{48FEBB2A-0DDD-4813-8B86-C34A6FB1A4E7}
[2012.07.25 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FDDBA757-400F-4E42-BFF5-5A36574CAC6D}
[2012.07.25 17:38:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AE5B1D33-60C8-4B33-9D5E-A2750086FF0E}
[2012.07.25 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B3D2DBD5-F070-46AF-AE9B-DECF138A1B06}
[2012.07.25 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9A810658-8098-43CB-AA8D-809160C8DF61}
[2012.07.25 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0C5F5157-7361-4543-8C1F-339AC666282F}
[2012.07.25 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5ABD4823-B653-475A-B4F0-09B948105EEB}
[2012.07.25 10:52:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3D9607B1-8706-42F9-ABCE-EFB7789FE579}
[2012.07.25 09:10:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2012.07.25 09:07:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3436768F-546E-4755-A0A5-5A00D1774FE9}
[2012.07.25 09:06:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A8F8C708-4FDA-4C04-BF6C-F075211F4078}
[2012.07.24 23:18:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FA4A7A4E-42BE-42FF-BB33-1EF8191BB0FA}
[2012.07.24 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9F7F7880-B833-4DE7-BEB3-2028A6A80E6D}
[2012.07.24 22:25:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{55BCB6A2-E27C-47DC-9F0A-9302AA818635}
[2012.07.24 09:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{623D818A-7D6B-46CB-8521-67D6C852FE78}
[2012.07.24 09:25:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CB877EE7-5336-4956-AD4F-03C2F560BB71}
[2012.07.23 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Bei Anruf Termin
[2012.07.23 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Motivation zum Erfolg
[2012.07.23 20:56:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3A26592A-3DEB-4EF9-AA44-D8D4ADE52958}
[2012.07.23 20:56:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D0EB89BB-0E5E-4387-8DB5-73A68360AC03}
[2012.07.23 12:38:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{417A3A54-EA01-45C2-B3EA-F45B9DEC39B3}
[2012.07.23 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1928C9E9-6314-40C1-802E-FEF8E58E0839}
[2012.07.23 09:43:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{59063DDF-1CD6-498F-9C30-AABC27EBA5DF}
[2012.07.23 09:42:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{88D12A0F-BF65-45F4-B28E-8D7AC321D5DC}
[2012.07.22 21:05:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F5935445-740D-45D5-B030-AD1ACA3262C0}
[2012.07.22 21:04:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AE72554C-99E7-4FDB-8868-B945BAEB483D}
[2012.07.22 14:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.07.22 14:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.07.22 12:58:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DB05FBBD-1FC5-42D2-86BE-7C6FCBC035B8}
[2012.07.22 12:58:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A6BF4797-88A1-402C-9A3D-B1C132BDF525}
[2012.07.22 02:54:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A5816059-46D9-4E01-8460-19902F627FF9}
[2012.07.22 02:54:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1C0B09E2-23C0-436A-A341-9700A6B5C26A}
[2012.07.22 02:54:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F45F9BF1-2329-4EA0-8960-9B823AB5A3AF}
[2012.07.22 02:53:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{30A950D2-0518-4309-A570-FDB5AA5A2D60}
[2012.07.22 02:53:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{167A3C93-7CE0-4603-88F7-98EDF42C19C7}
[2012.07.22 02:53:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B314B3BF-A5AE-404E-BEEE-DC3FE9534678}
[2012.07.22 02:53:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9D64AC3A-3D91-44AC-A881-85D99D70E3BF}
[2012.07.22 02:53:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{61A41630-61C0-41AA-AE5D-C0F78D1C1018}
[2012.07.21 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7307C539-85EC-4146-B550-5B43B1EED367}
[2012.07.21 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FC9FF9AB-0B30-44C9-9046-DE9FF383A564}
[2012.07.20 15:24:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{31DEA40C-036C-416B-A053-54BC3D4EC865}
[2012.07.20 15:24:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D5D485B5-51E9-42DD-9180-36C43B1C1D51}
[2012.07.20 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9622A0BE-88C2-4A37-B13E-3DD3B7018737}
[2012.07.20 15:23:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{55E00FC3-19A2-481D-897D-E47DF0472949}
[2012.07.20 15:21:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{251FE514-1AEE-41E1-BABA-404FF226A0DC}
[2012.07.20 15:21:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{92A9A231-8EDD-4D2A-B3C0-481636CF660B}
[2012.07.20 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A9DE8906-CB4F-408F-9EBB-0C3EC93A902C}
[2012.07.20 15:20:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8A9C6652-7911-4762-A048-85D25C4A45BC}
[2012.07.20 15:20:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{65AA0B0A-6193-4281-BA83-8B01A15A964F}
[2012.07.20 15:20:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{20805556-99B0-4F63-B268-EB5864591284}
[2012.07.20 15:20:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{35BF433D-4E0D-4E8D-8542-850F1BA94693}
[2012.07.20 15:19:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BA779ED1-9B45-4CEE-8DA7-417E5757B03B}
[2012.07.20 15:19:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D1D43877-7B9F-4562-8B5B-8E6B888E2047}
[2012.07.20 15:19:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1692D376-1A63-4E38-85DD-871CCFF489CE}
[2012.07.20 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F02EF353-A743-453B-8463-A476133FD45A}
[2012.07.20 15:19:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D07D4535-02DC-45C7-A41D-82FB1B6E32BA}
[2012.07.20 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B4A7AA05-626A-44CB-8217-AA0572FD12F8}
[2012.07.20 15:18:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E2130FAA-9FA1-4434-BAEB-C1C38B8DAB03}
[2012.07.20 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D40B425F-FE41-4B35-8007-B9CCBD65284F}
[2012.07.20 12:39:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4F96A137-ABC0-4C6C-B87B-36F309B1236D}
[2012.07.20 00:23:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DB88696C-785C-4475-93EB-D410092D4207}
[2012.07.20 00:22:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{92AF6469-CDB4-4461-971E-6CE222C00781}
[2012.07.19 13:27:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BC64F994-79CE-4D99-93BB-065CFAF7B77A}
[2012.07.19 13:26:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A941478E-DD4C-4EDB-B66E-61CF88123CC6}
[2012.07.19 00:48:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{89FD31C1-30BE-4C8F-878A-ABB690167F5F}
[2012.07.19 00:48:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3A55D444-C2DB-4600-BE02-7A2AA305E4E0}
[2012.07.18 12:24:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A83F2FA7-4406-4472-B002-983C3A09CA52}
[2012.07.18 12:24:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{333A14B7-A777-4F1F-8430-C1E437C00FCB}
[2012.07.17 20:07:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{32B37D9D-F6E9-4901-8851-F520A49FCC8E}
[2012.07.17 20:06:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0FCCAAEC-616E-4312-80B0-AE9BB9BAD339}
[2012.07.17 14:02:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3A294D9A-1D53-43E5-BF48-7A292243F1D0}
[2012.07.17 14:02:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{04BD9355-8DBA-40EE-ACD0-79761ACFADD3}
[2012.07.16 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7B92A831-362A-498B-90AC-FE86C5B4402B}
[2012.07.16 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{465DBF8A-95ED-49D4-93AA-4ACB961DD442}
[2012.07.16 11:18:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5BDB93C7-9AA9-4191-AB6C-67FF9B49EDDF}
[2012.07.16 11:17:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{45E2CB71-3A76-4984-8580-56B06527E09B}
[2012.07.15 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{36C3E34F-AFF4-4547-978A-F90D70366580}
[2012.07.15 11:23:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F7925877-6C84-45A4-B4AC-165C0CBCE0E6}
[2012.07.14 22:46:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\musikneu
[2012.07.14 20:22:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B60E2C11-F1D3-41C9-A021-10D54CC436A6}
[2012.07.14 12:44:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CB14CEAB-6489-44DA-95F0-7620D26F9F74}
[2012.07.14 12:41:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{45448D87-2595-4597-9690-A5DCE8142A3C}
[2012.07.14 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F5577FFC-7FAD-4F64-BE01-40B720C0C6AF}
[2012.07.13 15:37:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E637DB91-F0BF-4991-9936-91628473CB17}
[2012.07.13 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{CC634F0F-F6F3-437F-90A0-16FEF3C844F4}
[2012.07.13 12:13:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5199499C-6335-4005-BB77-DC4F9689468B}
[2012.07.13 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{01CFB7B2-6758-44D1-8F6D-46DD439B9B50}
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.08.11 23:16:30 | 000,050,477 | ---- | M] () -- C:\Users\Daniel\Desktop\Defogger.exe
[2012.08.11 23:10:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012.08.11 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 23:07:16 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 23:04:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 22:59:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 22:59:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.11 21:50:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 21:37:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 21:37:18 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 12:51:41 | 000,002,678 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.09 12:42:09 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.09 12:42:09 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.09 12:42:09 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.09 12:42:09 | 000,131,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.09 12:42:09 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 22:50:59 | 000,027,517 | ---- | M] () -- C:\Users\Daniel\Desktop\hj.jpg
[2012.08.04 21:58:49 | 002,960,979 | ---- | M] () -- C:\Users\Daniel\Desktop\NazarLostInTranslationNeu_9272.mp3
[2012.07.31 22:18:33 | 000,056,717 | ---- | M] () -- C:\Users\Daniel\Desktop\600090_408081172585393_1956349477_n.jpg
[2012.07.31 15:43:48 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012.07.31 12:00:25 | 000,074,658 | ---- | M] () -- C:\Users\Daniel\Desktop\[kat.ph]batman.arkham.city.proper.simon.torrent
[2012.07.31 11:58:30 | 000,002,564 | ---- | M] () -- C:\Users\Daniel\Desktop\5d028454666c817b752c3d3cb74c3a47.dlc
[2012.07.31 11:38:37 | 000,041,557 | ---- | M] () -- C:\Users\Daniel\Desktop\Batman.Arkham.City.v1.03.DLC-SiMON4xDVD5@www.torrent.to.torrent
[2012.07.29 11:44:29 | 001,423,923 | ---- | M] () -- C:\Users\Daniel\Desktop\WB Games.rar
[2012.07.22 17:24:55 | 000,253,669 | ---- | M] () -- C:\Users\Daniel\Desktop\Max+Payne+3+Full+Pc+Game+2012.torrent
[2012.07.22 14:39:21 | 000,001,106 | ---- | M] () -- C:\Users\Daniel\Desktop\EVEREST Home Edition.lnk
[2012.07.20 15:30:34 | 000,140,886 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_6485.JPG
[2012.07.20 00:08:50 | 000,891,134 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_7129.PNG
[2012.07.20 00:07:10 | 000,103,259 | ---- | M] () -- C:\Users\Daniel\Desktop\IMG_7128.JPG
[2012.07.15 14:16:30 | 005,017,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.08.11 22:59:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.06 22:51:08 | 000,027,517 | ---- | C] () -- C:\Users\Daniel\Desktop\hj.jpg
[2012.08.04 21:58:48 | 002,960,979 | ---- | C] () -- C:\Users\Daniel\Desktop\NazarLostInTranslationNeu_9272.mp3
[2012.07.31 22:18:37 | 000,056,717 | ---- | C] () -- C:\Users\Daniel\Desktop\600090_408081172585393_1956349477_n.jpg
[2012.07.31 15:43:48 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Batman Arkham City.lnk
[2012.07.31 12:00:30 | 000,074,658 | ---- | C] () -- C:\Users\Daniel\Desktop\[kat.ph]batman.arkham.city.proper.simon.torrent
[2012.07.31 11:58:33 | 000,002,564 | ---- | C] () -- C:\Users\Daniel\Desktop\5d028454666c817b752c3d3cb74c3a47.dlc
[2012.07.31 11:38:44 | 000,041,557 | ---- | C] () -- C:\Users\Daniel\Desktop\Batman.Arkham.City.v1.03.DLC-SiMON4xDVD5@www.torrent.to.torrent
[2012.07.29 11:44:28 | 001,423,923 | ---- | C] () -- C:\Users\Daniel\Desktop\WB Games.rar
[2012.07.22 17:25:01 | 000,253,669 | ---- | C] () -- C:\Users\Daniel\Desktop\Max+Payne+3+Full+Pc+Game+2012.torrent
[2012.07.22 14:39:21 | 000,001,106 | ---- | C] () -- C:\Users\Daniel\Desktop\EVEREST Home Edition.lnk
[2012.07.20 15:13:44 | 000,891,134 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_7129.PNG
[2012.07.20 15:13:43 | 000,103,259 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_7128.JPG
[2012.06.18 23:43:32 | 000,003,584 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 14:04:29 | 000,007,602 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2012.02.26 22:41:53 | 000,001,206 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Local - Verknüpfung.lnk
[2011.11.06 21:14:53 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.09.14 15:22:15 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 11:33:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.20 07:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========
[2012.02.26 13:52:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\3DataManager
[2011.11.04 21:41:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2012.01.11 21:00:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.15 10:05:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011.10.25 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2011.10.25 15:52:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.11 21:45:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\hellomoto
[2012.01.25 23:23:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HTC
[2011.08.15 10:15:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech
[2011.11.20 13:25:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Lionhead Studios
[2012.05.31 17:31:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MotioninJoy
[2012.03.27 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Notepad++
[2011.11.08 17:42:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenCandy
[2011.10.17 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2011.12.23 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Program Files (x86)
[2011.10.05 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.28 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftGrid Client
[2011.09.14 15:23:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TP
[2012.08.09 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2012.07.27 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\YourFileDownloader
[2012.08.02 17:52:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report > |
15.08.2012, 17:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan
Unfortunately, you did not post the Malwarebytes logs. Please supply all of them.