| |
| |||||||
Log-Analyse und Auswertung: Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.02.2013, 13:52
| #1 |
 |  Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Hallo Community Ich habe vor 3-4 Wochen problemlos gesurft und hatte keine Probleme. Aber diese Woche habe ich gemerkt das mit mein Internet irgendwas nicht stimmt. Mein Internet wird immer wieder gebremst für 2-4 Sekunden. Und dann geht es wieder dann wirds wieder gebremst. Ich weiß nicht woran das liegt ? Habs im FritzBox nachgeschaut ob es von dort ist aber nichts gefunden. Mein Laptop ist sehr schnell (vor 4 Tagen noch Festplatte formatiert) und Internetgeschwindigkeit ist auch sehr schnell (16.000 DSL) aber wird halt nur gebremst. Gestern habe ich mit Malwarebytes Vollständigen Scan gemacht und habe da was gefunden. Undzwar Backdoor.Agent.DCGen, RegistryValue; (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32) Habe mit OTL , Malwarebytes und mit HijackThis Scanns gemacht. Java 7 Update 11 habe ich auch deinstalliert. Und alle Plugins von Java deaktiviert. Habe nurnoch Java 7 Update 10 (64-bit) Version. Hijackthis , Malwarebyts und OTL LOGS angehängt. (OTL Text hatte über 188 Kb konnte als LOG Datei nicht hochladen. Deswegen als Rar eingepackt. Das war auch Minimum - Ausgabe; Deswegen als Rar eingepackt ) Was soll ich tuun ? :/ Geändert von oguzhan002 (02.02.2013 um 14:20 Uhr) |
|
02.02.2013, 17:43
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Zitat:
 Du hast nur ein Log von MBAM ohne Funde gepostet, wie soll das bitte relevante Infos haben? Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
02.02.2013, 18:28
| #3 |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Ja weil dieser Backdoor Troj. in Quarantäne ist deswegen ist in LOGS nichts zu finden
__________________ OTL Code:
ATTFilter OTL logfile created on: 02.02.2013 13:40:33 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 43,93% Memory free 7,99 Gb Paging File | 5,33 Gb Available in Paging File | 66,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 378,04 Gb Free Space | 81,18% Space Free | Partition Type: NTFS Drive F: | 7,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Windows\SysWOW64\bmon.exe () PRC - C:\Windows\SysWOW64\sasvc.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2fde951bac2fe8259fd13df4f05e4023\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\Program Files (x86)\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV:64bit: - (GFilterSvc) -- C:\Windows\SysNative\GFilterSvc.exe () SRV:64bit: - (prevhpst) -- C:\Windows\SysNative\L2SecHCd.exe () SRV - (MCMUv2) -- C:\Windows\SysWOW64\bmon.exe () SRV - (SABBv1b) -- C:\Windows\SysWOW64\sasvc.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2.exe (LogMeIn Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (MsgPlusDriver) -- C:\Windows\SysNative\drivers\MsgPlusDriver.sys (Yune Software) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (AR5416) -- C:\Windows\SysNative\drivers\athwx.sys (Atheros Communications, Inc.) DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (SLEE_18_DRIVER) -- C:\Windows\SleeN1864.sys (Softwareentwicklung Remus - ArchiCrypt - ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DritekPortIO) -- C:\PROGRA~2\LAUNCH~1\DPortIO.sys (Dritek System Inc.) DRV - (Winsock) -- C:\Windows\SysWow64\WINSOCK.SRG () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0Dzy0C0FtAtAtAyB0AtA0CtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=866207549 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 BB 6D 72 FB AD CD 01 [binary data] IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr" FF - user.js..browser.search.defaultenginename: "Google" FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.01 17:42:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.01 17:42:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.01 17:42:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.01 17:42:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.01 17:42:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:36:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.17 19:00:08 | 000,000,000 | ---D | M] [2012.10.18 21:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.02.01 11:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\gpvu8bv2.default-1352417479729\extensions [2013.01.13 02:41:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\gpvu8bv2.default-1352417479729\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.17 17:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions [2012.11.05 21:54:55 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2013.01.17 17:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions\plugin@yontoo.com [2012.12.13 16:09:22 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\firebug@software.joehewitt.com.xpi [2013.01.18 20:25:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\testpilot@labs.mozilla.com.xpi [2013.02.01 11:58:19 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.01.13 02:43:46 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013.01.15 14:39:32 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.01 11:58:21 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.16 23:05:18 | 000,002,413 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\askcom.xml [2012.12.11 13:18:58 | 000,003,576 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\Google.xml [2012.12.09 02:19:40 | 000,003,983 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\sweetim.xml [2012.12.19 17:21:51 | 000,001,044 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\winload-customized-web-search.xml [2013.01.20 01:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.20 06:26:19 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Stylish = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Stylish = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.11.14 17:27:02 | 000,444,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15276 more lines... O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\User\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz) O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\*****\AppData\Roaming\OneTab\OneTab.dll (OnPageAds) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found. O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O3 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [AVMUSBFernanschluss] C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [Facebook Update] "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.09 20:28:18 | 000,231,518 | R--- | M] () - F:\autorun.ico -- [ UDF ] O32 - AutoRun File - [2010.02.11 04:05:02 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.02 12:07:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.01 23:21:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Fable3+13Tr-LinGon [2013.02.01 16:49:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Fable 3 [2013.02.01 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.02.01 16:14:30 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.02.01 16:00:07 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.02.01 15:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.02.01 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.02.01 15:57:00 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.02.01 15:57:00 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.02.01 12:00:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.31 20:36:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.01.31 20:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.31 20:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.31 19:02:59 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.01.31 19:02:59 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.01.31 19:02:59 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.01.31 19:02:59 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.01.31 19:02:59 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.01.31 18:59:58 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.01.31 18:59:58 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.01.31 18:59:58 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.01.31 18:59:56 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.01.31 18:59:56 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.01.31 18:59:56 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.01.31 18:59:56 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.01.31 18:59:56 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.01.31 18:59:56 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.01.31 18:59:56 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.01.31 18:59:56 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.01.31 18:59:56 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.01.31 18:59:56 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.01.31 18:59:56 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.01.31 18:59:56 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.01.31 18:59:56 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.01.31 18:59:56 | 002,824,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.01.31 18:59:56 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.01.31 18:59:56 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.01.31 18:59:56 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.01.31 18:59:56 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.01.31 18:59:56 | 001,813,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.01.31 18:59:56 | 001,504,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.01.20 06:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.20 03:30:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2013.01.20 03:00:13 | 000,116,480 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys [2013.01.20 02:59:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps [2013.01.20 02:59:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment [2013.01.20 02:04:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2013.01.20 01:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo [2013.01.19 23:02:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Tor [2013.01.19 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Vidalia [2013.01.19 23:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle [2013.01.17 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver [2013.01.17 22:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.17 22:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.17 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\snApp [2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\obstore [2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ext [2013.01.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FRITZ! [2013.01.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\FRITZ! [2013.01.17 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!DSL [2013.01.17 21:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.17 19:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.01.15 13:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2013.01.15 13:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2013.01.15 13:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2013.01.15 13:40:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TestApp [2013.01.13 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\TagsRevisited [2013.01.13 22:24:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cheatbook Database2013 [2013.01.13 22:23:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Cheatbook [2013.01.13 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MigWiz [2013.01.11 18:15:26 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.11 18:15:09 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.11 18:15:09 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.11 18:15:09 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.10 00:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.10 00:41:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.10 00:41:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.10 00:41:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.10 00:41:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.10 00:41:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.10 00:41:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.10 00:41:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.10 00:41:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.10 00:41:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.10 00:41:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.10 00:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.10 00:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.10 00:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.10 00:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.10 00:41:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.10 00:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.10 00:41:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.10 00:41:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.10 00:41:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.10 00:41:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.10 00:41:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.10 00:41:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.10 00:41:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.10 00:41:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.10 00:41:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.10 00:41:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.10 00:41:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.10 00:41:22 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.10 00:41:22 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.10 00:41:22 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.10 00:41:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.10 00:41:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.10 00:41:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.10 00:41:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.10 00:41:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.10 00:41:22 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.10 00:41:22 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.10 00:41:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.10 00:41:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.10 00:41:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.10 00:41:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.10 00:41:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.10 00:41:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.10 00:41:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.10 00:41:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.10 00:40:57 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.10 00:40:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\7road [2013.01.09 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FileZilla [2013.01.09 11:39:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.01.09 11:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.01.07 00:05:55 | 000,000,000 | ---D | C] -- C:\Temp [2013.01.06 20:25:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Iminent [2013.01.06 20:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013.01.06 20:19:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com [2013.01.04 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Neuer Ordner [2013.01.04 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PlatinumHideIP [2013.01.04 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP [2013.01.04 20:32:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\eType [2013.01.04 18:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.04 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.04 18:24:29 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.01.04 18:24:29 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2013.01.04 18:24:29 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2013.01.04 18:24:29 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2013.01.04 18:24:29 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2013.01.04 18:24:28 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.04 18:24:28 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.04 18:24:28 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.04 18:24:28 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.04 18:24:21 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2013.01.04 18:24:20 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.01.04 18:24:20 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.01.04 18:24:20 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.01.04 18:24:20 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.01.04 18:24:19 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.01.04 18:24:19 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.01.04 18:24:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.01.04 18:24:18 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.01.04 18:24:18 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.01.04 18:24:17 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.01.04 18:24:16 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.01.04 18:24:16 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.04 18:24:16 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.04 18:24:16 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.04 18:24:16 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.04 18:24:13 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2013.01.04 18:24:13 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.01.04 18:24:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.04 18:24:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.04 18:24:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.01.04 18:24:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.01.04 18:24:12 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.01.04 18:24:11 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.01.04 18:24:11 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.01.04 18:24:11 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.01.04 18:24:08 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.01.04 18:24:08 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.01.04 18:24:07 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.01.04 18:24:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.01.04 18:24:07 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.01.04 18:24:06 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2013.01.04 18:24:06 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.01.04 18:24:06 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.04 18:24:02 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.04 18:24:02 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.01.04 18:24:02 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.01.04 18:24:02 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.01.04 18:24:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.01.04 18:24:02 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.01.04 18:24:02 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.01.04 18:24:02 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.01.04 18:24:01 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.01.04 18:24:01 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.01.04 18:24:01 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.01.04 18:24:01 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.01.04 18:24:01 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.01.04 18:24:01 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.01.04 18:24:01 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.01.04 18:24:01 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.01.04 18:24:00 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.01.04 18:23:59 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.01.04 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.04 01:48:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee [2013.01.04 01:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee [2013.01.04 01:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee [2013.01.03 18:48:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\COMPUTERBILD-Abzockschutz [2012.11.21 17:40:03 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Users\*****\WinRAR.exe [2012.11.21 17:40:03 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Users\*****\UnRAR.exe [2012.11.21 17:40:03 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Users\*****\RarExt.dll [2012.11.21 17:40:03 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Users\*****\RarExt32.dll [2012.11.21 17:40:02 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Users\*****\Rar.exe [2012.11.21 17:40:02 | 000,135,168 | ---- | C] (Alexander Roshal) -- C:\Users\*****\Uninstall.exe [7 C:\Windows\SysWow64\drivers\ext\*.tmp files -> C:\Windows\SysWow64\drivers\ext\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.02 13:38:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.02 13:35:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000UA.job [2013.02.02 12:53:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004UA.job [2013.02.02 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.02 11:51:21 | 000,000,770 | ---- | M] () -- C:\Users\*****\Desktop\Demon Slayer - Anmeldeclient.lnk [2013.02.02 11:38:45 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.02 11:38:45 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.02 11:32:44 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.02 11:32:37 | 000,004,872 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg [2013.02.02 11:31:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.02 11:31:10 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys [2013.02.02 06:00:48 | 000,004,872 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg.old [2013.02.01 19:35:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000Core.job [2013.02.01 19:29:14 | 000,000,456 | ---- | M] () -- C:\Users\*****\Desktop\Drahtlosnetzwerkverbindung - Verknüpfung.lnk [2013.02.01 19:21:49 | 000,001,352 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg [2013.02.01 19:21:49 | 000,000,280 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg [2013.02.01 18:53:03 | 000,007,599 | ---- | M] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [2013.02.01 17:41:32 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.02.01 17:41:31 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.02.01 16:55:27 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.01 16:14:53 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.02.01 14:24:57 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.01 11:42:43 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.01 11:42:43 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.01 11:42:43 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.01 11:42:43 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.01 11:42:43 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.31 22:25:51 | 000,000,280 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg.old [2013.01.31 22:25:50 | 000,001,112 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg.old [2013.01.20 03:53:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004Core.job [2013.01.20 03:00:02 | 000,116,480 | ---- | M] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys [2013.01.20 01:36:23 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.17 21:48:03 | 000,220,928 | ---- | M] () -- C:\Windows\SysWow64\bmon.exe [2013.01.17 21:47:57 | 000,981,130 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5460680952.cfg [2013.01.17 21:47:57 | 000,210,176 | ---- | M] () -- C:\Windows\SysWow64\sasvc.exe [2013.01.17 21:47:55 | 000,034,099 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5129300737.cfg [2013.01.17 21:47:54 | 000,002,637 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp3866038127.cfg [2013.01.17 21:47:53 | 000,113,573 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp310869315.cfg [2013.01.17 21:47:53 | 000,006,446 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp2719844686.cfg [2013.01.17 21:47:51 | 000,134,112 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp23393047594.cfg [2013.01.17 21:47:50 | 000,000,840 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp167013990385.cfg [2013.01.17 21:47:50 | 000,000,640 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp6277024184.cfg [2013.01.17 21:47:50 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp3297547218.cfg [2013.01.17 21:47:50 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4832236295.cfg [2013.01.17 21:32:15 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.17 19:29:47 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.12 12:42:39 | 000,002,291 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk [2013.01.12 03:49:02 | 000,001,319 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013.01.12 03:30:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.12 03:30:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.11 18:14:53 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.11 18:14:53 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.11 18:14:53 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.11 18:14:53 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.11 18:14:52 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.11 18:14:52 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.10 01:51:38 | 000,464,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 01:02:11 | 001,599,202 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.08 22:53:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.08 22:53:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.07 23:41:10 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.01.05 01:25:09 | 000,287,772 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_25_08.805906.dmp [2013.01.05 01:09:03 | 000,280,500 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_09_02.558640.dmp [2013.01.05 01:08:18 | 000,281,524 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_08_17.684073.dmp [2013.01.05 00:59:44 | 000,280,772 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_44.316710.dmp [2013.01.05 00:59:15 | 000,290,247 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_15.484061.dmp [2013.01.05 00:20:39 | 000,290,107 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_20_36.210406.dmp [2013.01.04 20:26:59 | 000,287,295 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-04 20_26_58.466637.dmp [2013.01.04 01:48:24 | 000,002,284 | ---- | M] () -- C:\Users\*****\Desktop\MorphVOX Pro.lnk [2013.01.03 22:33:12 | 000,000,078 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan [7 C:\Windows\SysWow64\drivers\ext\*.tmp files -> C:\Windows\SysWow64\drivers\ext\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.01 19:29:14 | 000,000,456 | ---- | C] () -- C:\Users\*****\Desktop\Drahtlosnetzwerkverbindung - Verknüpfung.lnk [2013.02.01 16:21:12 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.01.31 18:59:56 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.17 21:48:03 | 000,220,928 | ---- | C] () -- C:\Windows\SysWow64\bmon.exe [2013.01.17 21:47:57 | 000,210,176 | ---- | C] () -- C:\Windows\SysWow64\sasvc.exe [2013.01.17 21:47:56 | 000,981,130 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5460680952.cfg [2013.01.17 21:47:55 | 000,034,099 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5129300737.cfg [2013.01.17 21:47:54 | 000,002,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp3866038127.cfg [2013.01.17 21:47:53 | 000,113,573 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp310869315.cfg [2013.01.17 21:47:53 | 000,006,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp2719844686.cfg [2013.01.17 21:47:51 | 000,134,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp23393047594.cfg [2013.01.17 21:47:51 | 000,004,872 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg.old [2013.01.17 21:47:51 | 000,004,872 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg [2013.01.17 21:47:51 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg.old [2013.01.17 21:47:51 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg [2013.01.17 21:47:50 | 000,001,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg [2013.01.17 21:47:50 | 000,001,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg.old [2013.01.17 21:47:50 | 000,000,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp167013990385.cfg [2013.01.17 21:47:50 | 000,000,640 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp6277024184.cfg [2013.01.17 21:47:50 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp3297547218.cfg [2013.01.17 21:47:50 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4832236295.cfg [2013.01.17 19:29:47 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.12 19:30:53 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000UA.job [2013.01.12 19:30:52 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000Core.job [2013.01.12 03:48:51 | 000,001,319 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013.01.12 03:48:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004UA.job [2013.01.12 03:48:30 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004Core.job [2013.01.09 13:24:11 | 000,000,770 | ---- | C] () -- C:\Users\*****\Desktop\Demon Slayer - Anmeldeclient.lnk [2013.01.06 20:24:17 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.01.05 01:25:08 | 000,287,772 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_25_08.805906.dmp [2013.01.05 01:09:02 | 000,280,500 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_09_02.558640.dmp [2013.01.05 01:08:17 | 000,281,524 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_08_17.684073.dmp [2013.01.05 00:59:44 | 000,280,772 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_44.316710.dmp [2013.01.05 00:59:15 | 000,290,247 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_15.484061.dmp [2013.01.05 00:20:36 | 000,290,107 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_20_36.210406.dmp [2013.01.04 20:26:58 | 000,287,295 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-04 20_26_58.466637.dmp [2013.01.04 18:24:13 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.04 01:48:24 | 000,002,284 | ---- | C] () -- C:\Users\*****\Desktop\MorphVOX Pro.lnk [2013.01.03 22:33:12 | 000,000,078 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan [2012.11.23 22:26:12 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2012.11.23 22:26:11 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2012.11.23 22:26:11 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.11.23 22:26:11 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2012.11.23 20:55:14 | 000,003,584 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.21 17:40:14 | 000,000,022 | ---- | C] () -- C:\Users\*****\zipnew.dat [2012.11.21 17:40:14 | 000,000,020 | ---- | C] () -- C:\Users\*****\rarnew.dat [2012.11.21 17:40:06 | 000,337,657 | ---- | C] () -- C:\Users\*****\WinRAR.chm [2012.11.21 17:40:06 | 000,109,824 | ---- | C] () -- C:\Users\*****\Zip64.SFX [2012.11.21 17:40:06 | 000,103,180 | ---- | C] () -- C:\Users\*****\winrar.lng [2012.11.21 17:40:06 | 000,082,944 | ---- | C] () -- C:\Users\*****\Zip.SFX [2012.11.21 17:40:06 | 000,038,566 | ---- | C] () -- C:\Users\*****\rar.lng [2012.11.21 17:40:06 | 000,008,028 | ---- | C] () -- C:\Users\*****\uninstall.lng [2012.11.21 17:40:06 | 000,003,584 | ---- | C] () -- C:\Users\*****\rarext.lng [2012.11.21 17:40:05 | 000,106,448 | ---- | C] () -- C:\Users\*****\WinCon64.SFX [2012.11.21 17:40:04 | 000,140,032 | ---- | C] () -- C:\Users\*****\Default64.SFX [2012.11.21 17:40:04 | 000,102,400 | ---- | C] () -- C:\Users\*****\Default.SFX [2012.11.21 17:40:04 | 000,076,288 | ---- | C] () -- C:\Users\*****\WinCon.SFX [2012.11.21 17:40:02 | 000,003,973 | ---- | C] () -- C:\Users\*****\Order.htm [2012.11.21 17:40:02 | 000,001,400 | ---- | C] () -- C:\Users\*****\RarFiles.lst [2012.11.21 17:40:02 | 000,000,686 | ---- | C] () -- C:\Users\*****\Uninstall.lst [2012.11.21 17:40:01 | 000,001,420 | ---- | C] () -- C:\Users\*****\Descript.ion [2012.11.21 17:40:01 | 000,000,616 | ---- | C] () -- C:\Users\*****\File_Id.diz [2012.11.14 18:08:09 | 000,005,197 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.10 18:28:15 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\Userdata.ini [2012.11.08 14:49:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2012.11.08 14:45:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2012.11.08 14:45:01 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.11.05 22:42:26 | 000,000,306 | RHS- | C] () -- C:\Users\*****\ntuser.pol [2012.10.26 00:08:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.10.23 18:47:48 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.10.23 18:47:48 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.19 22:00:11 | 000,000,049 | ---- | C] () -- C:\Users\*****\jagex_cl_loginapplet_LIVE.dat [2012.10.19 21:53:57 | 000,000,047 | ---- | C] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat [2012.10.19 21:53:57 | 000,000,024 | ---- | C] () -- C:\Users\*****\random.dat [2012.10.18 22:10:08 | 000,007,599 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [2012.10.18 02:06:20 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys [2012.10.18 02:06:19 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012.10.18 02:06:19 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys [2012.10.18 02:06:19 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini [2012.10.18 01:26:28 | 000,000,030 | ---- | C] () -- C:\Windows\iedit.INI [2012.10.18 01:22:41 | 000,000,603 | ---- | C] () -- C:\Windows\ulead32.ini [2012.10.17 15:57:24 | 001,599,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.09 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\7road [2012.10.22 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AC3Filter [2012.10.19 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AnvSoft [2013.01.03 18:48:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\COMPUTERBILD-Abzockschutz [2013.02.01 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Pro [2013.02.01 00:04:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dclogs [2013.01.04 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eType [2012.12.09 02:31:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EurekaLog [2013.01.31 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2013.01.17 21:40:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FRITZ! [2013.01.07 23:40:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iminent [2012.12.20 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LumacDaemon [2012.11.08 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX [2012.11.03 23:11:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAXON [2012.11.21 16:17:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2012.10.29 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2012.10.25 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OneTab [2013.01.04 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlatinumHideIP [2012.10.18 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\portable [2013.01.02 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Screaming Bee [2012.12.06 22:37:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Steganos [2013.01.12 03:41:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2013.01.15 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TestApp [2013.02.01 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2012.12.15 01:48:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay [2012.12.15 01:47:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay_hook_win64 [2012.12.17 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software [2012.11.15 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\EurekaLog [2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\EurekaLog [2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\EurekaLog [2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\EurekaLog [2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.*****\AppData\Roaming\EurekaLog [2012.10.17 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AnvSoft [2013.01.20 06:31:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BabSolution [2013.01.20 06:24:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon [2012.10.09 09:08:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DRPSu [2013.01.07 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Iminent [2012.11.08 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX [2012.12.06 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steganos ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:54:01, on 02.02.2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\*****\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\User\AppData\LocalLow\ProxTube\IE\ProxTube.dll (file missing) O2 - BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\*****\AppData\Roaming\OneTab\OneTab.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file) O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing) O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [AVMUSBFernanschluss] "C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" O4 - Startup: Facebook Messenger.lnk = *****\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\..\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: G-Filter Service (GFilterSvc) - Unknown owner - C:\Windows\System32\GFilterSvc.exe (file missing) O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Monitor Color Manager (MCMUv2) - Unknown owner - C:\Windows\syswow64\bmon.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Hauppauge MFC Power (prevhpst) - Unknown owner - C:\Windows\system32\L2SecHCd.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: USB Device Adapter (SABBv1b) - Unknown owner - C:\Windows\syswow64\sasvc.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14820 bytes |
|
02.02.2013, 18:50
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
 Hast du dir überhaupt mal die Mühe gemacht meinen verlinkten Artikel zu lesen?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.02.2013, 18:55
| #5 | |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
|
|
02.02.2013, 18:56
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
__________________ --> Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden |
|
02.02.2013, 19:05
| #7 | |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.31.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Abdullah :: ***** [Administrator] Schutz: Aktiviert 31.01.2013 20:29:32 mbam-log-2013-01-31 (20-29-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 313696 Laufzeit: 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32 (Backdoor.Agent.DCGen) -> Daten: C:\Users\*****\AppData\Local\Temp\MSDCSC\msdcsc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
02.02.2013, 19:07
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Sind das alle Logs mit Funden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2013, 19:10
| #9 | |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
Ansonsten hätte ich die ja auch eingefügt. |
|
03.02.2013, 01:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2013, 18:15
| #11 |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Hier bitteschön alles wie gefolgt. mbar-log-2013-02-03 (18-08-36) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]
03.02.2013 18:08:36
mbar-log-2013-02-03 (18-08-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29272
Time elapsed: 4 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
03.02.2013, 22:49
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.02.2013, 15:17
| #13 |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden aswMBR ist immer abgestürzt. Musste halt unten links auf ,,None'' stellen. Dann konnte ich den Scan vollenden. Das ist immer rausgekommen  GMER Logfile musste ich Anhängen weil wegen über 135.000 Zeichen. aswMBR Logfile Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 15:03:11
-----------------------------
15:03:11.859 OS Version: Windows x64 6.1.7601 Service Pack 1
15:03:11.860 Number of processors: 2 586 0x170A
15:03:11.861 ComputerName: ***** UserName:
15:03:14.504 Initialze error C000010E - driver not loaded
15:03:25.587 AVAST engine defs: 13020400
15:03:45.446 Service scanning
15:04:21.212 Modules scanning
15:04:21.219 Disk 0 trace - called modules:
15:04:21.222
15:04:21.228 Scan finished successfully
15:05:08.848 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
|
|
04.02.2013, 15:23
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefundenZitat:
 Und aswMBR bitte nochmal machen, da ist irgendwas schiefgelaufen und das Log was du gepostet hast ziemlich unbrauchbar
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.02.2013, 18:49
| #15 |
| | Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden C:\Users\*****\Desktop\OggY95\Playworld 3 2011 Client1\Playworld\xb3-Patchlist-Creator2.exe Das da ist ein MMORPG Online Spiel ,,Metin2'' nur halt Privater Server. Dieser Patchlist ist kein Virus.Es lädt nur neue Datenlisten von der Server runter damit die Serverdateien aktuell bleiben. habe nochmal Scan gemacht aber kommt nix, stürzt immer wieder ab wenn ich Quick Scan mache <.<  Geändert von oguzhan002 (04.02.2013 um 19:42 Uhr) |
|
| Themen zu Internet wird immer wieder gebremst ? Backdoor.Agent.DCGen gefunden |
| datei, dll, dsl, festplatte, fritzbox, geschwindigkeit, hijack, hijackthis, interne, internet, internetgeschwindigkeit, laptop, malwarebytes, microsoft, nichts, platte, plugins, problemlos, registry value, scan, schnell, software, trojaner, update, version, virus, windows, woche, wochen |
Linear-Darstellung
