
Pests of all kinds and how to fight them: PUP-BundleInstaler.Bl in file "OuterSpace_downloader by Wallpaperstock.net.exe"


 
09.10.2012, 20:17   #1
0130
 



Hi board,
My G-Data virus monitor just gave me this message, specifically in the paths C:\Users..... and D:\Users....
I should add that C is an SSD, which is why I moved things like the paging file etc. to D. Still, I have been wondering for a while why practically the same folder structures "grow" on C and D?! Until recently I used Norton Internet Security, and at the moment I use G-Data Internet Security 2012 with behavior analysis switched on (even though I somehow had a better feeling about that with Threatfire), but with the firewall SWITCHED OFF, since I have the Win7 firewall on.
I have to admit that between Norton and G-Data there was a period of about 14 days in which I was online with only Threatfire and the Windows firewall (and of course a hardware firewall). No unusual ports for IRC or the like are open in my router, so I did not think about it any further.
Long story short - have I wrecked it?
Here is OTL.txt; Extras.txt is attached as a zip. Thank you!!!
OTL Logfile:
Code:
OTL logfile created on: 09.10.2012 20:07:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HTho\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,71 Gb Total Physical Memory | 11,45 Gb Available Physical Memory | 72,86% Memory free
16,71 Gb Paging File | 12,25 Gb Available in Paging File | 73,30% Paging File free
Paging file location(s): R:\pagefile.sys 1023 1023 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 76,18 Gb Free Space | 63,94% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 12,14 Gb Free Space | 41,43% Space Free | Partition Type: NTFS
Drive E: | 1833,72 Gb Total Space | 1255,60 Gb Free Space | 68,47% Space Free | Partition Type: NTFS
Drive G: | 48,84 Gb Total Space | 0,68 Gb Free Space | 1,40% Space Free | Partition Type: NTFS
Drive H: | 358,14 Gb Total Space | 0,67 Gb Free Space | 0,19% Space Free | Partition Type: NTFS
Drive I: | 486,25 Gb Total Space | 68,26 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive J: | 38,28 Gb Total Space | 1,69 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive R: | 1,99 Gb Total Space | 0,99 Gb Free Space | 49,85% Space Free | Partition Type: FAT32
 
Computer Name: HTHO-PC | User Name: HTho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 20:07:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 14:58:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2012.07.07 00:34:18 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 15:50:00 | 001,011,720 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.01.13 15:47:12 | 001,448,744 | ---- | M] () -- C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.22 21:14:26 | 001,648,600 | ---- | M] (Copernic Inc.) -- C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2011.09.28 02:37:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.08.17 15:00:08 | 000,448,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.08.17 15:00:04 | 001,620,488 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.08.17 15:00:04 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- D:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011.03.30 08:01:08 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010.08.16 06:11:08 | 001,564,672 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.07.11 09:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012.07.10 21:21:27 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.07.10 20:31:32 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.07.10 20:31:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.07.10 17:21:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.10 17:21:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.07.10 17:20:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.10 17:20:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.10 17:20:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.10 17:20:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.07.10 17:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.10 17:20:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.10 17:20:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.10 17:20:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.13 15:47:12 | 001,448,744 | ---- | M] () -- C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.11 12:01:13 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2008.07.11 09:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2011.03.14 09:09:14 | 004,034,376 | ---- | M] () [Auto | Running] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.09 18:59:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.17 15:00:08 | 000,448,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.08.17 15:00:04 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.28 03:12:58 | 002,048,632 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Programme\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.09 20:05:10 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2012.09.28 17:08:08 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.09.28 17:08:08 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.09.28 17:08:07 | 000,052,088 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.09.10 20:06:00 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.09.10 20:01:36 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.10 20:01:15 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.10 20:01:14 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.08.30 18:21:01 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.07.15 19:06:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.10 17:49:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.07.07 00:34:18 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.04.18 19:08:04 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.14 09:10:38 | 000,043,600 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodivdh.sys -- (oodivdh)
DRV:64bit: - [2011.03.14 09:10:36 | 000,215,120 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodivd.sys -- (oodivd)
DRV:64bit: - [2011.03.14 09:10:34 | 000,040,016 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\oodisrh.sys -- (oodisrh)
DRV:64bit: - [2011.03.14 09:10:32 | 000,117,328 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\oodisr.sys -- (oodisr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011.01.15 18:21:06 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.23 11:55:39 | 001,261,056 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.07.14 07:18:32 | 000,344,592 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MtsBda.sys -- (MTSBDA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 13 86 AB EF 5C CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{36909D66-7F67-4b8e-8496-925BC87134B6}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{B219009E-2482-47C5-9A1F-62E0C9D0397F}: "URL" = hxxp://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HTho\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HTho\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.11 18:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTho\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HTho\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: WiseConvert 1.3 = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\anpiogajjmckmlehhpjnojhebaidkeod\10.11.21.5_0\
CHR - Extension: YouTube = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Stealthy = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: Google Mail = C:\Users\HTho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.07 00:11:21 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OODITRAY.EXE] C:\Program Files\OO Software\DiskImage\ooditray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] D:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] D:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "R:\TempFiles\System\E_SB357.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\HTho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9AEB1AC-418A-4910-9AA6-FC0BDD5CE50A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9AEB1AC-418A-4910-9AA6-FC0BDD5CE50A}: NameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d7948b1-c7b6-11e1-924f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d7948b1-c7b6-11e1-924f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O33 - MountPoints2\{58c55f4d-c7ba-11e1-a5bb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58c55f4d-c7ba-11e1-a5bb-806e6f6e6963}\Shell\AutoRun\command - "" = O:\AutoRun\AutoRun.exe
O33 - MountPoints2\{7deb5aad-ceaf-11e1-8634-bc5ff444a1ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7deb5aad-ceaf-11e1-8634-bc5ff444a1ed}\Shell\AutoRun\command - "" = M:\StartUp.exe
O33 - MountPoints2\{9af73d15-ce5d-11e1-b29a-bc5ff444a1ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9af73d15-ce5d-11e1-b29a-bc5ff444a1ed}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{eb705062-cb64-11e1-93bb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eb705062-cb64-11e1-93bb-806e6f6e6963}\Shell\AutoRun\command - "" = K:\StartUp.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 20:07:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
[2012.10.09 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\LibreOffice
[2012.10.09 17:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.10.05 13:10:06 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\SMIGames
[2012.10.05 13:06:56 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Lazy Turtle Games
[2012.10.05 12:52:21 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\FlowerOfImmortality
[2012.10.05 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\sekrbfgde
[2012.10.05 12:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2012.10.01 22:19:22 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Shirley
[2012.09.30 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Anarchy
[2012.09.28 17:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2012 PC-Welt Edition
[2012.09.28 17:08:07 | 000,052,088 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.28 17:08:07 | 000,031,608 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.09.28 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.09.18 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Das Fussball Studio
[2012.09.18 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Das Fussball Studio
[2012.09.18 14:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2012.09.18 14:45:43 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\PEGRP32E.DLL
[2012.09.18 14:45:43 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pesgo32e.ocx
[2012.09.18 14:45:43 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pego32e.ocx
[2012.09.18 14:45:43 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pe3do32e.ocx
[2012.09.18 14:45:43 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\SysWow64\Pepco32e.ocx
[2012.09.18 14:45:43 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlCmdBar6.ocx
[2012.09.18 14:45:43 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlSGrid6.ocx
[2012.09.18 14:45:43 | 000,295,424 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
[2012.09.18 14:45:43 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\SysWow64\sevZip40.dll
[2012.09.18 14:45:43 | 000,231,936 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
[2012.09.18 14:45:43 | 000,176,128 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlButton.ocx
[2012.09.18 14:45:43 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlLSFrame3.ocx
[2012.09.18 14:45:43 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlIml3.ocx
[2012.09.18 14:45:43 | 000,155,136 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevTab.ocx
[2012.09.18 14:45:43 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
[2012.09.18 14:45:43 | 000,065,536 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlLCDDisplay.ocx
[2012.09.18 14:45:43 | 000,057,344 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlMMSpTr1.ocx
[2012.09.18 14:45:43 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlSubTmr2.dll
[2012.09.18 14:45:43 | 000,024,576 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\SysWow64\vmlTimer.dll
[2012.09.18 14:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Das Fussball Studio
[2012.09.18 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Das Fussball Studio
[2012.09.17 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bet Angel Limited
[2012.09.12 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Opera
[2012.09.12 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\CRE
[2012.09.12 12:25:07 | 002,454,032 | ---- | C] (Conduit) -- C:\ProgramData\WiseConvert_1_3.exe
[2012.09.12 11:57:00 | 018,364,904 | ---- | C] (Mozilla) -- C:\ProgramData\Thunderbird Setup 15.0.1 (1).exe
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\isp
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\distribution
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2012.09.12 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\chrome
[2012.09.11 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Opera
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\ui
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\styles
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\skin
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\region
[2012.09.11 19:32:34 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\gstreamer
[2012.09.11 19:32:33 | 015,158,160 | ---- | C] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.dll
[2012.09.11 19:32:33 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Users\HTho\AppData\Local\D3DCompiler_43.dll
[2012.09.11 19:32:33 | 000,874,896 | ---- | C] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.exe
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\program
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\mapi
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\locale
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\extra
[2012.09.11 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\defaults
[2012.09.11 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\HTho\Documents\Outlook-Dateien
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Thunderbird
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Thunderbird
[2012.09.11 18:03:01 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Roaming\Mozilla
[2012.09.11 18:02:22 | 016,916,448 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.09.11 18:02:22 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.09.11 18:02:22 | 000,638,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.09.11 18:02:22 | 000,576,992 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.09.11 18:02:22 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.09.11 18:02:22 | 000,370,656 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.09.11 18:02:22 | 000,260,576 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.09.11 18:02:22 | 000,166,368 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.09.11 18:02:22 | 000,155,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.09.11 18:02:22 | 000,145,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.09.11 18:02:22 | 000,118,752 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.09.11 18:02:22 | 000,096,224 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.09.11 18:02:22 | 000,092,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.09.11 18:02:22 | 000,091,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.09.11 18:02:22 | 000,049,120 | ---- | C] (Mozilla.org) -- C:\Program Files\mozMapi32_InUse.dll
[2012.09.11 18:02:22 | 000,049,120 | ---- | C] (Mozilla.org) -- C:\Program Files\mozMapi32.dll
[2012.09.11 18:02:22 | 000,021,984 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.09.11 18:02:22 | 000,021,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files\WSEnable.exe
[2012.09.11 18:02:22 | 000,019,936 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.09.11 18:02:22 | 000,019,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.09.11 18:02:22 | 000,017,888 | ---- | C] (Mozilla.org) -- C:\Program Files\MapiProxy_InUse.dll
[2012.09.11 18:02:22 | 000,016,864 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.09.11 18:02:21 | 002,154,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.09.11 18:02:21 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.09.11 18:02:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.09.11 18:02:21 | 000,430,560 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.09.11 18:02:21 | 000,258,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.09.11 18:02:21 | 000,089,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.09.11 18:02:21 | 000,048,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.09.11 18:02:21 | 000,018,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2012.09.11 18:02:21 | 000,017,888 | ---- | C] (Mozilla.org) -- C:\Program Files\MapiProxy.dll
[2012.09.11 18:02:21 | 000,015,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.09.11 18:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2012.09.10 20:06:00 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.10 20:01:36 | 000,059,256 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.10 20:01:15 | 000,110,968 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.10 20:01:14 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.10 20:01:14 | 000,050,552 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.10 20:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.09.10 20:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.09.10 19:57:47 | 000,000,000 | ---D | C] -- C:\Users\HTho\AppData\Local\Downloaded Installations
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 20:10:08 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 20:10:08 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 20:10:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 20:10:08 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 20:10:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 20:08:21 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.10.09 20:07:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HTho\Desktop\OTL.exe
[2012.10.09 20:05:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 20:05:12 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.10.09 20:05:10 | 000,462,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 20:05:10 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2012.10.09 20:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 20:05:05 | 4061,421,566 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 20:04:15 | 000,000,198 | ---- | M] () -- C:\Users\HTho\defogger_reenable
[2012.10.09 20:03:38 | 000,050,477 | ---- | M] () -- C:\Users\HTho\Desktop\Defogger.exe
[2012.10.09 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 19:53:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 19:32:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399780097-724731501-3213506436-1000UA.job
[2012.10.09 19:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.10.09 17:31:20 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012.10.09 17:09:30 | 000,001,315 | ---- | M] () -- C:\Users\HTho\Desktop\ARBEITSAMT.rtf
[2012.10.09 16:40:14 | 000,819,677 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.09 16:40:14 | 000,044,756 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.08 22:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399780097-724731501-3213506436-1000Core.job
[2012.10.05 14:37:38 | 000,322,688 | ---- | M] () -- C:\Users\HTho\installer_openoffice_Deutsch.exe
[2012.09.30 18:52:44 | 000,014,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 18:52:44 | 000,014,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:08:08 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.28 17:08:08 | 000,031,608 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.09.28 17:08:07 | 000,052,088 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.09.28 17:08:05 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.09.18 14:45:46 | 000,001,145 | ---- | M] () -- C:\Users\HTho\Desktop\Das Fussball Studio.lnk
[2012.09.17 17:34:10 | 000,218,431 | ---- | M] () -- C:\Users\HTho\Desktop\bookmarks_17.09.12.html
[2012.09.17 15:37:34 | 000,003,155 | ---- | M] () -- C:\Users\HTho\Desktop\Bet Angel - Professional.lnk
[2012.09.16 20:06:23 | 000,000,471 | ---- | M] () -- C:\Users\HTho\Desktop\Daten (E).lnk
[2012.09.12 21:24:44 | 000,001,037 | ---- | M] () -- C:\Users\HTho\Desktop\PotPlayer x64.lnk
[2012.09.12 21:24:44 | 000,000,992 | --S- | M] () -- C:\Users\HTho\Desktop\Core Temp.lnk
[2012.09.12 12:25:00 | 002,454,032 | ---- | M] (Conduit) -- C:\ProgramData\WiseConvert_1_3.exe
[2012.09.11 19:32:34 | 000,034,441 | ---- | M] () -- C:\Users\HTho\AppData\Local\opera_install_log.xml
[2012.09.11 19:32:34 | 000,000,263 | ---- | M] () -- C:\Users\HTho\AppData\Local\operaprefs_default.ini
[2012.09.11 19:32:33 | 015,158,160 | ---- | M] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.dll
[2012.09.11 19:32:33 | 000,874,896 | ---- | M] (Opera Software) -- C:\Users\HTho\AppData\Local\opera.exe
[2012.09.11 19:32:33 | 000,527,083 | ---- | M] () -- C:\Users\HTho\AppData\Local\encoding.bin
[2012.09.11 19:32:33 | 000,148,990 | ---- | M] () -- C:\Users\HTho\AppData\Local\pubsuffix.xml
[2012.09.11 19:32:33 | 000,143,872 | ---- | M] () -- C:\Users\HTho\AppData\Local\html5_entity_init.dat
[2012.09.11 19:32:33 | 000,059,028 | ---- | M] () -- C:\Users\HTho\AppData\Local\mathml.dtd
[2012.09.11 19:32:33 | 000,024,420 | ---- | M] () -- C:\Users\HTho\AppData\Local\files_old.sig
[2012.09.11 19:32:33 | 000,016,092 | ---- | M] () -- C:\Users\HTho\AppData\Local\files.sig
[2012.09.11 19:32:33 | 000,007,904 | ---- | M] () -- C:\Users\HTho\AppData\Local\html40_entities.dtd
[2012.09.11 19:32:33 | 000,000,301 | ---- | M] () -- C:\Users\HTho\AppData\Local\c3nform.vxml
[2012.09.10 20:06:00 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.09.10 20:01:36 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.10 20:01:15 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.10 20:01:14 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 20:04:15 | 000,000,198 | ---- | C] () -- C:\Users\HTho\defogger_reenable
[2012.10.09 20:03:37 | 000,050,477 | ---- | C] () -- C:\Users\HTho\Desktop\Defogger.exe
[2012.10.09 17:31:20 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012.10.05 14:37:24 | 000,322,688 | ---- | C] () -- C:\Users\HTho\installer_openoffice_Deutsch.exe
[2012.10.01 20:32:15 | 000,001,315 | ---- | C] () -- C:\Users\HTho\Desktop\ARBEITSAMT.rtf
[2012.09.29 01:12:30 | 000,819,677 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.09.29 01:12:30 | 000,044,756 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2012.09.28 17:08:05 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.09.20 00:32:12 | 206,576,325 | ---- | C] () -- C:\Users\HTho\Desktop\M.Amen_Mixset_10.11.2007.mp3
[2012.09.18 14:45:46 | 000,001,145 | ---- | C] () -- C:\Users\HTho\Desktop\Das Fussball Studio.lnk
[2012.09.17 17:34:10 | 000,218,431 | ---- | C] () -- C:\Users\HTho\Desktop\bookmarks_17.09.12.html
[2012.09.17 15:37:34 | 000,003,155 | ---- | C] () -- C:\Users\HTho\Desktop\Bet Angel - Professional.lnk
[2012.09.16 20:06:23 | 000,000,471 | ---- | C] () -- C:\Users\HTho\Desktop\Daten (E).lnk
[2012.09.11 19:32:34 | 000,034,441 | ---- | C] () -- C:\Users\HTho\AppData\Local\opera_install_log.xml
[2012.09.11 19:32:34 | 000,000,263 | ---- | C] () -- C:\Users\HTho\AppData\Local\operaprefs_default.ini
[2012.09.11 19:32:33 | 000,527,083 | ---- | C] () -- C:\Users\HTho\AppData\Local\encoding.bin
[2012.09.11 19:32:33 | 000,148,990 | ---- | C] () -- C:\Users\HTho\AppData\Local\pubsuffix.xml
[2012.09.11 19:32:33 | 000,143,872 | ---- | C] () -- C:\Users\HTho\AppData\Local\html5_entity_init.dat
[2012.09.11 19:32:33 | 000,059,028 | ---- | C] () -- C:\Users\HTho\AppData\Local\mathml.dtd
[2012.09.11 19:32:33 | 000,024,420 | ---- | C] () -- C:\Users\HTho\AppData\Local\files_old.sig
[2012.09.11 19:32:33 | 000,016,092 | ---- | C] () -- C:\Users\HTho\AppData\Local\files.sig
[2012.09.11 19:32:33 | 000,007,904 | ---- | C] () -- C:\Users\HTho\AppData\Local\html40_entities.dtd
[2012.09.11 19:32:33 | 000,000,301 | ---- | C] () -- C:\Users\HTho\AppData\Local\c3nform.vxml
[2012.09.11 18:02:32 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.09.11 18:02:22 | 008,682,865 | ---- | C] () -- C:\Program Files\omni.ja
[2012.09.11 18:02:22 | 002,061,280 | ---- | C] () -- C:\Program Files\mozjs.dll
[2012.09.11 18:02:22 | 000,157,664 | ---- | C] () -- C:\Program Files\nsldap32v60.dll
[2012.09.11 18:02:22 | 000,021,984 | ---- | C] () -- C:\Program Files\nsldappr32v60.dll
[2012.09.11 18:02:22 | 000,017,376 | ---- | C] () -- C:\Program Files\nsldif32v60.dll
[2012.09.11 18:02:22 | 000,016,831 | ---- | C] () -- C:\Program Files\blocklist.xml
[2012.09.11 18:02:22 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2012.09.11 18:02:22 | 000,000,909 | ---- | C] () -- C:\Program Files\updater.ini
[2012.09.11 18:02:22 | 000,000,569 | ---- | C] () -- C:\Program Files\application.ini
[2012.09.11 18:02:22 | 000,000,206 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2012.09.11 18:02:22 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2012.09.11 18:02:22 | 000,000,109 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.09.11 18:02:21 | 000,019,062 | ---- | C] () -- C:\Program Files\removed-files
[2012.09.11 18:02:21 | 000,002,000 | ---- | C] () -- C:\Program Files\precomplete
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2012.09.11 18:02:21 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2012.07.20 21:20:47 | 000,007,598 | ---- | C] () -- C:\Users\HTho\AppData\Local\Resmon.ResmonCfg
[2012.07.11 23:13:12 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.10 17:12:07 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.07.08 12:37:29 | 000,002,432 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.07 00:39:32 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.07.07 00:39:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.07.07 00:39:20 | 000,042,252 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.07.07 00:39:14 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.07.07 00:39:11 | 000,004,211 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.07.07 00:35:18 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.07.07 00:35:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.07.07 00:35:18 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.07.07 00:35:17 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.07.07 00:35:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.07.07 00:34:22 | 000,000,003 | --S- | C] () -- C:\Users\HTho\AppData\Local\user_data.ini
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.19 23:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 23:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:23:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.20 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\4 Friends Games
[2012.07.10 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\7 Taskbar Tweaker
[2012.07.13 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Amaranth Games
[2012.09.30 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Anarchy
[2012.07.21 16:37:03 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Artifex Mundi
[2012.07.23 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Artogon
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ASUS
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Bet Angel
[2012.07.15 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Big Fish Games
[2012.07.26 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Blue Tea Games
[2012.08.11 15:26:50 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Canneverbe Limited
[2012.07.20 21:42:51 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Chayowo Games
[2012.07.10 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Copernic
[2012.07.10 11:35:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\CPUTempWatch
[2012.07.21 09:11:11 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Daedalic Entertainment
[2012.08.20 06:12:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DAEMON Tools Pro
[2012.08.17 16:17:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DailyMagic
[2012.09.18 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Das Fussball Studio
[2012.09.28 13:17:00 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Deep Shadows
[2012.07.10 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\DeviceVm
[2012.07.22 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Elephant Games
[2012.09.03 17:29:24 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\elsterformular
[2012.08.20 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ERS Game Studios
[2012.08.03 01:54:58 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Firstload
[2012.10.05 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\FlowerOfImmortality
[2012.07.14 17:07:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\GameMill Entertainment
[2012.07.16 00:50:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Games
[2012.08.02 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Gogii
[2012.07.10 22:58:54 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\IObit
[2012.07.10 22:58:55 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\JAM Software
[2012.10.05 13:06:56 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Lazy Turtle Games
[2012.10.09 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\LibreOffice
[2012.07.10 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\MAXON
[2012.08.02 03:35:05 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Meridian93
[2012.07.21 09:31:07 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\My Games
[2012.09.11 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Opera
[2012.07.15 18:27:10 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Orneon
[2012.07.15 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\PlayPond
[2012.07.14 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\PotPlayerMini64
[2012.08.02 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Princess Isabella
[2012.07.15 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\ProtectDISC
[2012.10.05 12:27:20 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\sekrbfgde
[2012.10.05 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\SMIGames
[2012.07.10 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Stardock
[2012.07.25 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\tabagames
[2012.09.11 18:03:01 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Thunderbird
[2012.07.11 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\TrueCrypt
[2012.09.28 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Unkyuw
[2012.08.17 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\World-LooM
[2012.09.10 14:47:20 | 000,000,000 | ---D | M] -- C:\Users\HTho\AppData\Roaming\Ymes
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:F860DBFD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:3D36932D

< End of report >
         
--- --- ---

Edited by 0130 (09.10.2012 at 20:36)

 





