
Pests of all kinds and how to fight them: Suspected GVU trojan. Is my system affected?


 
09.01.2013, 15:05   #1
Two_Beers
 

Suspected GVU trojan. Is my system affected?



Hello everyone,

today I was on various tube sites and suddenly the entire screen locked.
At the top edge of the screen I could see myself (laptop "live" cam, not a photo).
At the bottom edge of the screen there was a demand to pay €100 for unlocking, along with a selection of numbers (query code or something like that).
Task Manager was no longer displayed. Restarting via Ctrl+Alt+Del was possible, though. After the restart everything seemed to be fine.

I started a scan with Avira AntiVir... Result: the laptop crashed at about 40%.

When the system starts, I am also asked which program I want to use to open a certain .ddl file. So something is still active here.

A scan with Malwarebytes is running; I can already post a log file from OTL.

I will post the Malwarebytes report afterwards.

Please help me!!
A thousand thanks.

Code:
OTL logfile created on: 09.01.2013 14:15:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,36% Memory free
6,16 Gb Paging File | 4,89 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,55 Gb Total Space | 70,34 Gb Free Space | 49,34% Space Free | Partition Type: NTFS
Drive D: | 310,21 Gb Total Space | 310,12 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.36010003&st=12&q={searchTerms}&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.36010003&st=12&q={searchTerms}&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "^hxxp://www\\.claro-search\\.com/\\?affID=114506.*"
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..keyword.URL: "^hxxp://www\\.claro-search\\.com/\\?affID=114506.*&q="
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.14 13:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.09 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.14 15:08:52 | 000,000,000 | ---D | M]
 
[2012.11.06 20:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.11.17 17:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions
[2012.11.11 16:22:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.11.14 13:43:22 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.11.07 14:16:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.17 17:58:34 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.11.17 01:01:59 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.14 13:43:27 | 000,002,533 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\aol-search.xml
[2013.01.08 20:03:29 | 000,001,034 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.11.17 01:02:19 | 000,004,003 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\sweetim.xml
[2012.11.24 11:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.24 11:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.14 15:08:52 | 000,000,000 | ---D | M] (PC Performer Manager) -- C:\PROGRAMDATA\PC PERFORMER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
CHR - default_search_provider: YouTube-Videosuche (Enabled)
CHR - default_search_provider: search_url = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - Extension: DealPly = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1\
CHR - Extension: Skype Click to Call = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Settings Protector = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: DealPly = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1\
CHR - Extension: Skype Click to Call = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Settings Protector = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [IExplorer Util] C:\Users\Tobi\AppData\Roaming\ie_util.exe ()
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [svñhîst] %USERPROFILE%\AppData\Local\Temp\wpbt0.dll File not found
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [Uslaxeil] C:\Users\Tobi\AppData\Roaming\Lilaar\huwem.exe ()
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01163A6C-B23A-4E91-A608-EFFB3F5D3D06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9DAAE82-C843-4ACB-85C6-0BBF10F5B5C5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\pcperf~1\24897~1.175\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rena\Desktop\Rena\Fotos\Wallpaper\Mario-mario-wallpaper-hd-games-1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rena\Desktop\Rena\Fotos\Wallpaper\Mario-mario-wallpaper-hd-games-1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 13:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.09 13:23:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.01.09 13:23:24 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.01.09 13:23:24 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.01.09 13:23:24 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.01.09 13:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.09 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.01.01 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Silvester 2012
[2012.12.14 14:41:24 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 14:19:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 14:17:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 13:41:06 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.09 13:41:06 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.09 13:41:06 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.09 13:41:06 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.09 13:41:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 13:37:07 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.09 13:35:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.09 13:35:56 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 13:35:55 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 13:35:38 | 3184,119,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 13:34:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.09 13:23:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.08 13:45:01 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D7CE8A8-B48A-4E6B-9B47-366EDDA9E856}.job
[2013.01.01 18:30:43 | 000,008,192 | -H-- | M] () -- C:\Users\Rena\Desktop\photothumb.db
[2012.12.14 14:41:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.14 14:41:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.14 14:41:25 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.12.14 14:20:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.09 13:23:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.01 18:30:42 | 000,008,192 | -H-- | C] () -- C:\Users\Rena\Desktop\photothumb.db
[2013.01.01 14:17:21 | 001,490,554 | ---- | C] () -- C:\Users\Rena\Desktop\IMG_0893.JPG
[2012.11.18 19:17:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.01.09 13:12:24 | 000,000,000 | ---D | M](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.09 13:12:24 | 000,000,000 | ---D | M](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.09 13:12:24 | 000,000,000 | ---D | C](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.08 20:05:44 | 000,000,000 | ---D | M](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 20:05:44 | 000,000,000 | ---D | M](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 20:05:44 | 000,000,000 | ---D | C](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 19:58:33 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:58:33 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:58:33 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:50:54 | 000,000,000 | ---D | M](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 19:50:54 | 000,000,000 | ---D | M](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 19:50:54 | 000,000,000 | ---D | C](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 13:43:50 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.08 13:43:50 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.08 13:43:50 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.06 13:54:13 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.06 13:54:13 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.06 13:54:13 | 000,000,000 | ---D | C](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.04 18:45:38 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2013.01.04 18:45:38 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2013.01.04 18:45:38 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.27 22:04:55 | 000,000,000 | ---D | M](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 22:04:55 | 000,000,000 | ---D | M](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 22:04:55 | 000,000,000 | ---D | C](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 13:58:32 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.27 13:58:32 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.27 13:58:32 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.26 17:48:16 | 000,000,000 | ---D | M](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 17:48:16 | 000,000,000 | ---D | M](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 17:48:16 | 000,000,000 | ---D | C](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 10:48:15 | 000,000,000 | ---D | M](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.26 10:48:15 | 000,000,000 | ---D | M](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.26 10:48:15 | 000,000,000 | ---D | C](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.19 18:38:39 | 000,000,000 | ---D | M](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.19 18:38:39 | 000,000,000 | ---D | M](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.19 18:38:39 | 000,000,000 | ---D | C](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.18 15:42:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.18 15:42:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.18 15:42:23 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.14 13:49:01 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.14 13:49:01 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.14 13:49:01 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.11 18:29:47 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.11 18:29:47 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.11 18:29:47 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.09 15:30:21 | 000,000,000 | ---D | M](C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
[2012.12.09 15:30:21 | 000,000,000 | ---D | M](C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
[2012.12.04 14:13:59 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
[2012.12.04 14:13:59 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
[2012.12.01 13:28:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
[2012.12.01 13:28:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
[2012.11.29 21:19:09 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
[2012.11.29 21:19:09 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
[2012.11.29 20:43:10 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
[2012.11.29 20:43:10 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
[2012.11.27 21:07:47 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
[2012.11.27 21:07:47 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
[2012.11.26 21:04:34 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
[2012.11.26 21:04:34 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
[2012.11.24 20:44:02 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
[2012.11.24 20:44:02 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
[2012.11.23 22:07:22 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
[2012.11.23 22:07:22 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
[2012.11.22 20:13:26 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
[2012.11.22 20:13:26 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
[2012.11.22 00:14:51 | 000,000,000 | ---D | M](C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
[2012.11.22 00:14:51 | 000,000,000 | ---D | M](C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
[2012.11.21 12:52:07 | 000,000,000 | ---D | M](C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
[2012.11.21 12:52:07 | 000,000,000 | ---D | M](C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
[2012.11.21 10:42:07 | 000,000,000 | ---D | M](C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
[2012.11.21 10:42:07 | 000,000,000 | ---D | M](C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
[2012.11.20 15:10:28 | 000,000,000 | ---D | M](C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
[2012.11.20 15:10:28 | 000,000,000 | ---D | M](C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
[2012.11.20 09:49:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
[2012.11.20 09:49:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
[2012.11.19 19:18:37 | 000,000,000 | ---D | M](C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
[2012.11.19 19:18:37 | 000,000,000 | ---D | M](C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
[2012.11.19 07:23:16 | 000,000,000 | ---D | M](C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
[2012.11.19 07:23:16 | 000,000,000 | ---D | M](C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
[2012.11.18 16:45:54 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
[2012.11.18 16:45:54 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
[2012.11.18 09:32:22 | 000,000,000 | ---D | M](C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
[2012.11.18 09:32:22 | 000,000,000 | ---D | M](C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
[2012.11.17 17:56:35 | 000,000,000 | ---D | M](C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0
[2012.11.17 17:56:35 | 000,000,000 | ---D | M](C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0
[2012.11.16 23:33:37 | 000,000,000 | ---D | M](C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
[2012.11.16 23:33:37 | 000,000,000 | ---D | M](C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
[2012.11.16 18:46:22 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
[2012.11.16 18:46:22 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
[2012.11.16 12:19:22 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
[2012.11.16 12:19:22 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
[2012.11.15 20:22:34 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
[2012.11.15 20:22:34 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
[2012.11.14 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
[2012.11.14 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
[2012.11.14 18:27:37 | 000,000,000 | ---D | M](C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
[2012.11.14 18:27:37 | 000,000,000 | ---D | M](C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
(C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
(C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
(C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
(C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
(C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
(C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
(C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
(C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
(C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
(C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
(C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
(C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
(C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
(C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
(C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
(C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
(C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
(C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
(C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
(C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
(C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0

< End of report >
         

 
