Pests of all kinds and how to fight them: sirefef.gen c
15.03.2013, 23:22 | #1 |
sirefef.gen c

Hello everyone, I've finally managed it too. I've caught sirefef.gen c and am now of course keen to get rid of it as quickly as possible. From everything I've been able to read so far, OTL is quite well suited for this. But I don't want to experiment pointlessly and wreck the system completely. Can someone help me with this? The log says the following:

OTL logfile created on: 15.03.2013 22:30:06 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hera\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 64,38% Memory free 4,97 Gb Paging File | 3,74 Gb Available in Paging File | 75,19% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme Drive C: | 149,04 Gb Total Space | 122,71 Gb Free Space | 82,33% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1006,51 Gb Free Space | 72,03% Space Free | Partition Type: NTFS Drive F: | 3,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MACHO | User Name: Hera | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.15 18:29:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hera\Desktop\OTL.exe PRC - [2013.03.14 14:17:47 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) 
-- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2013.03.09 19:38:20 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.05 13:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.31 08:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.08.31 08:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.05.17 10:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\VirtualCloneDrive\VCDDaemon.exe PRC - [2009.11.18 12:47:38 | 001,243,112 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsTray.exe PRC - [2009.11.12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
-- C:\Programme\PC Tools Internet Security\BDT\BDTUpdateService.exe PRC - [2009.11.06 15:50:58 | 001,141,736 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsSvc.exe PRC - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe PRC - [2009.09.23 13:34:04 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe PRC - [2009.08.19 17:24:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe PRC - [2009.05.11 16:02:53 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 5600-6600 Series\ezprint.exe PRC - [2009.05.11 16:02:50 | 000,684,712 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2009.04.29 10:02:01 | 000,270,336 | R--- | M] (LG Electronics) -- C:\Dokumente und Einstellungen\Hera\Bluebirds\BlueBirds.exe PRC - [2008.05.23 11:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004.12.14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Programme\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll MOD - [2013.03.09 19:38:20 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.09.23 19:00:39 | 015,399,936 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\14a4e38a1795e56292e86fa1aa251456\Kies.Theme.ni.dll MOD - [2012.09.23 19:00:37 | 000,599,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\55d1cc5c55ccad68fd50a1a2d8dcbf5d\DevicePodcast.ni.dll MOD - [2012.09.23 19:00:34 | 000,284,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\2a112f862010ccc688b41911a358b0f9\DeviceVideo.ni.dll MOD - [2012.09.23 19:00:32 | 000,356,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\316cdd361103940bf1502d40b035282a\DevicePhoto.ni.dll MOD - [2012.09.23 19:00:29 | 000,292,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\9a8043981d399af9516005a488d7a908\DeviceMusic.ni.dll MOD - [2012.09.23 19:00:27 | 000,445,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\VideoManager\8faa42d902c4a2c707e6d5bfcc8812f0\VideoManager.ni.dll MOD - [2012.09.23 19:00:24 | 002,752,512 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PodcastService\44c85994bd21a326460b0ebc498864ab\PodcastService.ni.dll MOD - [2012.09.23 19:00:21 | 001,081,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Podcaster\126c12d6d08e5f6e940058c17cca07f6\Podcaster.ni.dll MOD - [2012.09.23 19:00:17 | 000,582,656 | 
---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\8c52eccc12a51bd8bcfaec6aaa12ce0f\PhotoManager.ni.dll MOD - [2012.09.23 18:59:42 | 000,033,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1fd68a6d00a060ff7c589af3821382b6\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.09.23 18:59:38 | 005,572,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\8cc0e321c7a92fc883f7497974deee5d\DeviceHost.ni.dll MOD - [2012.09.23 18:59:14 | 001,798,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Phonebook\316abf3cdf48e68a38ac3c6cc258a996\Phonebook.ni.dll MOD - [2012.09.23 18:59:01 | 000,999,936 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\84b3c86f942e5af84bb21406670251ce\CPKTMusicPlugin.ni.dll MOD - [2012.09.23 18:58:56 | 000,931,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\MusicManager\49ce3c75e6557ab05c23685edb7c768a\MusicManager.ni.dll MOD - [2012.09.23 18:58:47 | 000,314,368 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\EBookManager\bbcfacfed68f6c62e9fa986abcb465cd\EBookManager.ni.dll MOD - [2012.09.23 18:58:44 | 000,381,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\465bf2c5a4637d4418e0088b29fa6f76\BATPlugin.ni.dll MOD - [2012.09.23 18:58:42 | 000,031,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\AllShareController\5cb7578fdbc2707036d2d0ea55b32ad9\AllShareController.ni.dll MOD - [2012.09.23 18:58:31 | 000,028,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\f7cb5ea0ff3b9556b57d56b63eb62ed3\Kies.Common.StoreManager.ni.dll MOD - [2012.09.23 18:58:29 | 000,504,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\85a512a39222ce215eedcbc3420299da\Kies.Common.MediaDB.ni.dll MOD - [2012.09.23 18:58:26 | 000,231,424 | ---- 
| M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\2d37df6c7b575511d0f0dbd67d6c8ad2\ASF_cSharpAPI.ni.dll MOD - [2012.09.23 18:58:25 | 000,063,488 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\930978e88684ab0f2c07ada414115ae7\Kies.Common.AllShare.ni.dll MOD - [2012.09.23 18:58:19 | 000,275,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\80a42a262154369c8aeae66bdb331b92\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.09.23 18:58:16 | 000,189,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\00daabf059e1594dffe2bedf76240d55\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.09.23 18:58:13 | 000,174,592 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\16d6d01954f9aed7d48c5cd58954f689\Interop.DevFileServiceLib.ni.dll MOD - [2012.09.23 18:58:12 | 000,557,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5f434f65a34583e1cb727443de08694c\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.09.23 18:58:08 | 000,561,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a7046e29391e62df2e5bd78613bd03e9\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.09.23 18:58:01 | 000,183,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f5ec326766e2e016689cd47b5adc7430\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.09.23 18:57:59 | 000,890,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\dc5a40cda8e001d59b6c3e96d74c397c\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.09.23 18:57:55 | 001,009,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\385235423635266aeb6adaffc398f408\Kies.Common.DeviceService.ni.dll MOD - [2012.09.23 18:57:23 | 000,032,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b1b81f9b86c2131558e522b5ac1fcfb4\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.09.23 18:57:22 | 000,052,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\7fc26c403d62399cd9c3594743a3cbe5\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.09.23 18:57:21 | 000,030,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\0c704bd6b4fd24eb7bd145598b362d8f\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.09.23 18:57:20 | 000,171,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\e0cc7f1609cc547e0ce6d6e81a9d6f4b\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.09.23 18:57:16 | 002,157,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\386357925c696049b50d9daeda818f29\Kies.Common.Multimedia.ni.dll MOD - [2012.09.23 18:56:47 | 000,180,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\2c4dbc664ecf7ea191f49fffc273ccce\Kies.Common.MainUI.ni.dll MOD - [2012.09.23 18:56:43 | 000,066,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\f57ad3b183dda8cb1e713dcc5c588877\Kies.Common.DBManager.ni.dll MOD - [2012.09.23 18:56:41 | 000,394,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CabLib\4c9ae10bff753ec9851e3ed220c3936d\CabLib.ni.dll MOD - [2012.09.23 18:56:39 | 000,528,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\6eed206b7c7134d3869ccaa3a0c65222\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.09.23 18:56:38 | 000,199,680 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\0f22c0af94ea7644c3b4f595cdbaff89\Kies.Common.Util.ni.dll MOD - [2012.09.23 18:56:36 | 000,052,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\74232e267f97c541487e9b4c0acd61cb\Interop.DeviceSearchLib.ni.dll MOD - [2012.09.23 18:56:35 | 001,437,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\e04b86bc3319f6f9fb19d90b331aba33\Kies.Locale.ni.dll MOD - [2012.09.23 18:56:33 | 000,078,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\3ecf11e8a772dda35f4bf3d3c65dd2d0\Kies.MVVM.ni.dll MOD - [2012.09.23 18:56:32 | 001,630,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\9e3d3fb12fccf8c71195af8550d241e1\Kies.UI.ni.dll MOD - [2012.09.23 18:56:28 | 000,113,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f6ae014707218a08360d4b45856a56ae\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.09.23 18:56:24 | 001,177,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7c4ecfac2bd4b03b46e8b932be2c2dd3\Kies.Interface.ni.dll MOD - [2012.09.23 18:55:03 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\344664edacba22ded4adb2934ac667b8\System.ServiceProcess.ni.dll MOD - [2012.09.23 18:53:02 | 000,767,488 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8bfae9ff16b1e1caee2b4bf3858c651b\System.Runtime.Remoting.ni.dll MOD - [2012.09.23 18:49:12 | 001,776,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ca4bfbad4e94dd853b7b029314b39692\System.Xaml.ni.dll MOD - [2012.09.23 18:13:36 | 001,629,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Kies\c85cb3102195c71110f698a5e65f8bc4\Kies.ni.exe MOD - [2012.09.23 17:12:38 | 017,646,080 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46cffda941bf201614ce664b6b33780d\PresentationFramework.ni.dll MOD - [2012.09.23 17:12:11 | 011,077,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\df76a08746ba3b19131299d83492ccca\PresentationCore.ni.dll MOD - [2012.09.23 17:11:58 | 003,800,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7aab210774a01cb44fbf03e8a55adfa4\WindowsBase.ni.dll MOD - [2012.09.23 17:06:53 | 005,571,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2a553f2e01d1273d925934706886b5c3\System.Xml.ni.dll MOD - [2012.09.23 17:03:32 | 000,973,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8bef1ef4c1f8ca4c76328025d9907a2e\System.Configuration.ni.dll MOD - [2012.09.23 17:03:18 | 007,025,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7dada4f306222137e3eec7c391e5bcf9\System.Core.ni.dll MOD - [2012.09.23 17:03:08 | 009,003,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\66999a69b15d2061f012151c2a67ccb3\System.ni.dll MOD - [2012.09.23 17:02:58 | 014,416,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\0b6fafc69f01aa1a982b7f0bc40d48f0\mscorlib.ni.dll MOD - [2009.12.02 11:12:06 | 001,263,592 | ---- | M] () -- C:\Programme\PC Tools Internet Security\UserModeFileCache.dll MOD - [2009.11.13 15:45:28 | 003,426,280 | ---- | M] () -- C:\Programme\PC Tools Internet Security\SpamMonitor\SMEngine.dll MOD - [2009.11.10 10:26:46 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll MOD - [2009.09.28 13:33:28 | 000,137,192 | ---- | M] () -- C:\Programme\PC Tools Internet Security\avengine\sdkBSCtrl.dll MOD - [2009.09.24 16:16:14 | 000,200,704 | ---- | M] () -- C:\WINDOWS\system32\WinTab32.dll MOD - [2009.08.24 13:57:10 | 000,137,192 | ---- | M] () -- C:\Programme\PC Tools Internet Security\NetworkLayer\PCTCFHook.dll 
MOD - [2009.05.11 16:02:50 | 000,684,712 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe MOD - [2009.05.11 15:28:33 | 000,081,920 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxducaps.dll MOD - [2009.05.11 15:28:20 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxduscw.dll MOD - [2009.05.11 15:28:18 | 001,036,288 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdudrs.dll MOD - [2009.05.11 15:26:16 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\iptk.dll MOD - [2009.05.11 15:16:45 | 000,188,416 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdudatr.dll MOD - [2009.05.11 15:16:41 | 000,069,632 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxducnv4.dll MOD - [2008.05.23 11:17:14 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll MOD - [2008.04.14 06:52:20 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008.04.14 06:52:20 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.06 05:11:34 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxduptp.dll MOD - [2005.04.14 06:20:12 | 000,060,928 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Tor\tor.exe -- (tor) SRV - [2013.03.14 14:17:47 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.03.13 02:53:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 19:38:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance 
Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.05 13:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.03.09 14:16:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.03.07 20:13:19 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2011.05.17 10:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc) SRV - [2009.11.12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire) SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
[Auto | Running] -- C:\Programme\PC Tools Internet Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.11.06 15:50:58 | 001,141,736 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService) SRV - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService) SRV - [2009.09.23 13:34:04 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\system32\drivers\WTSrv.exe -- (WinTabService) SRV - [2008.05.23 11:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxducoms.exe -- (lxdu_device) SRV - [2008.05.23 11:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Tablet2k.sys -- (Tablet2k) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | 
On_Demand | Stopped] -- C:\DOKUME~1\Hera\LOKALE~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.07.31 11:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.07.31 11:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.08.31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3) DRV - [2011.08.31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1) DRV - [2009.11.12 10:03:32 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon) DRV - [2009.11.12 10:03:32 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - [2009.11.12 10:03:32 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - [2009.11.10 17:11:36 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter) DRV - [2009.11.09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009.11.04 14:21:00 | 000,055,208 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS) DRV - [2009.10.30 11:11:00 | 
000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2009.10.16 16:55:00 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw) DRV - [2009.10.06 16:31:30 | 000,087,784 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent) DRV - [2009.09.03 09:45:12 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg) DRV - [2009.08.14 13:44:18 | 000,032,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS) DRV - [2009.06.22 08:58:46 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid) DRV - [2009.06.22 08:58:36 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k) DRV - [2006.11.02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006.09.12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.08.14 21:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119292&tt=070312_xn2&babsrc=HP_ss&mntrId=005600196645E96F IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&tt=070312_xn2&babsrc=SP_ss&mntrId=005600196645E96F IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={51024E17-E8E4-4C9F-A7F5-98547C43BD4C}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00 FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: histogramviewer%40davidfichtmueller.de:2.0.4 FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6 FF - prefs.js..extensions.enabledAddons: %7B5B52016C-D097-4aec-BE61-9F129D8FDDBA%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: 
%7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.9 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: firefox%40unfriendfinder.com:42.210 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.6 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.24 15:20:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2013.01.25 11:11:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.09 19:38:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.23 19:50:07 | 000,000,000 | ---D | M] [2012.09.25 14:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\Hera\Anwendungsdaten\Mozilla\Extensions [2012.09.25 14:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2013.03.14 17:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions [2012.08.03 07:57:58 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.03.01 23:45:11 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2013.01.31 15:36:54 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.11 11:48:09 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012.10.13 16:44:22 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.05.21 04:53:03 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.09.18 13:31:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\foxmarks@kei.com [2013.01.25 11:14:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und 
Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\ich@maltegoetz.de [2013.02.05 20:23:29 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\zigboom@ymail.com [2012.08.27 18:46:12 | 000,230,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\exif_viewer@mozilla.doslash.org.xpi [2013.01.26 19:34:53 | 000,373,758 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\firefox@unfriendfinder.com.xpi [2012.03.07 21:51:23 | 000,020,772 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\histogramviewer@davidfichtmueller.de.xpi [2012.03.07 21:51:23 | 000,079,135 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012.03.07 21:51:23 | 000,022,643 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}.xpi [2012.04.15 16:16:52 | 000,022,956 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi [2012.12.11 18:40:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.16 14:17:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.07 21:51:24 | 000,434,392 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.11.29 17:34:06 | 000,077,690 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2013.03.01 11:05:35 | 000,269,007 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.01.07 22:16:31 | 000,304,450 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2013.03.11 14:20:36 | 000,002,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Mozilla\Firefox\Profiles\s7iw1c0r.default\searchplugins\wot-safe-search.xml [2013.02.06 14:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.09 19:38:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npwachk.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.22 15:10:34 | 000,003,661 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.29 16:41:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://start.iminent.com/?appId=47D13F33-9268-4C9F-A708-17AA44CC659B CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) =
C:\Programme\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\windows\system32\npDeployJava1.dll CHR - Extension: Google Docs = C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: AdBlock = C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ O1 HOSTS File: ([2012.03.09 14:24:17 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - 
Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Internet Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Internet Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Internet Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Programme\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.) 
O4 - HKLM..\Run: [ISTray] C:\Programme\PC Tools Internet Security\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [lxdumon.exe] C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver) O4 - HKCU..\Run: [bluebirds] C:\Dokumente und Einstellungen\Hera\Bluebirds\BlueBirds.exe (LG Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SimpleScreenshot] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8AB742E-FA36-497D-90B1-15F3F7006E42}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\Antiwpa: DllName - (C:\windows\system32\antiwpa.dll) - C:\WINDOWS\system32\antiwpa.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 
- HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.03.06 21:19:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{08bd8463-5670-11e2-89b3-00196645e96f}\Shell - "" = AutoRun O33 - MountPoints2\{08bd8463-5670-11e2-89b3-00196645e96f}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{08bd8463-5670-11e2-89b3-00196645e96f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{08bd8463-5670-11e2-89b3-00196645e96f}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\{2969869a-0711-11e2-88d9-00196645e96f}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{f65c46dc-4b78-11e2-8987-00196645e96f}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.15 22:21:44 | 000,000,000 | ---D | C] -- C:\windows\LastGood [2013.03.15 22:03:53 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hera\Desktop\systeminfo.exe [2013.03.15 18:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Malwarebytes [2013.03.15 18:52:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.03.15 18:52:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.03.15 18:52:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.03.15 18:52:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware 
[2013.03.15 18:43:10 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Hera\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.15 18:29:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hera\Desktop\OTL.exe [2013.03.15 15:03:50 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2013.03.15 15:02:44 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2013.03.15 14:36:07 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\Hera\Desktop\SpyHunter-Installer.exe [2013.03.15 14:32:41 | 000,716,336 | ---- | C] (Reimage®) -- C:\Dokumente und Einstellungen\Hera\Desktop\ReimageRepair.exe [2013.03.14 17:28:19 | 000,000,000 | ---D | C] -- C:\Programme\Lucis Pro [2013.03.14 17:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lucis Pro [2013.03.14 17:22:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect [2013.03.14 17:21:19 | 000,000,000 | ---D | C] -- C:\Programme\Delta [2013.03.14 17:21:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Delta [2013.03.14 17:18:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2013.03.14 17:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Babylon [2013.03.14 17:17:38 | 000,000,000 | ---D | C] -- C:\Programme\GoforFiles [2013.03.14 17:17:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\GoforFiles [2013.03.14 14:18:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.03.14 14:17:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.03.14 14:17:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.03.14 14:17:14 | 000,174,496 | ---- 
| C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.03.13 15:34:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Lucis [2013.03.13 15:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lucis [2013.03.13 15:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Digital Element [2013.03.13 14:12:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Imagenomic [2013.03.13 14:10:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Imagenomic [2013.03.13 14:10:58 | 000,000,000 | ---D | C] -- C:\Programme\Imagenomic [2013.03.13 01:53:44 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerInstaller.exe [2013.03.12 15:37:20 | 000,000,000 | ---D | C] -- D:\! LAUFWERK E\Eigene Dateien\Neuer Ordner (2) [2013.03.12 15:11:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Desktop\Neuer Ordner [2013.03.12 04:02:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2013.03.11 17:29:50 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{54AE07EB-BBE5-4429-9DF3-C156DB112B54} [2013.03.11 17:29:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Topaz Labs [2013.03.11 17:27:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B} [2013.03.11 16:28:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Reincubate [2013.03.11 16:28:28 | 000,000,000 | ---D | C] -- C:\Programme\Reincubate [2013.03.10 20:36:41 | 000,000,000 | ---D | C] -- C:\Programme\Topaz Labs [2013.03.10 20:36:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Topaz Labs [2013.03.10 20:32:36 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus [2013.03.10 20:32:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Spam Monitor [2013.03.09 21:51:46 | 000,000,000 | ---D | C] -- C:\windows\System32\languages [2013.03.09 21:51:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ffdshow [2013.03.09 21:51:46 | 000,000,000 | ---D | C] -- C:\windows\System32\custom matrices [2013.03.09 21:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Anwendungsdaten\Toolbar4 [2013.03.09 21:48:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Temp [2013.03.09 21:46:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2013.03.09 21:45:57 | 000,000,000 | ---D | C] -- C:\Programme\Movie2KDownloader.com [2013.03.09 21:45:50 | 000,000,000 | ---D | C] -- C:\Programme\hdvidcodec.com [2013.03.09 21:45:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Startmenü\Programme\hdvidcodec.com [2013.03.09 18:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Desktop\Neue Techniken [2013.02.25 22:08:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2013.02.25 22:06:52 | 000,000,000 | ---D | C] -- C:\Programme\Google [2013.02.25 22:06:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\Google [2013.02.21 21:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\.jordan [2013.02.21 17:42:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Desktop\site [2013.02.21 14:56:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hera\Desktop\VK [7 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] [4 C:\windows\System32\*.tmp files -> 
C:\windows\System32\*.tmp -> ] [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.15 23:12:00 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.15 22:53:28 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.15 22:16:10 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.15 22:16:00 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.15 22:03:48 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hera\Desktop\systeminfo.exe [2013.03.15 21:50:30 | 000,002,278 | ---- | M] () -- C:\windows\System32\wpa.dbl [2013.03.15 18:52:20 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 18:47:12 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Hera\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.15 18:29:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hera\Desktop\OTL.exe [2013.03.15 15:09:07 | 000,000,779 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Susi.lnk [2013.03.15 14:42:03 | 000,000,162 | ---- | M] () -- C:\windows\Reimage.ini [2013.03.15 14:40:24 | 000,000,897 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Install Bitdefender free trial.lnk [2013.03.15 14:37:50 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) 
-- C:\Dokumente und Einstellungen\Hera\Desktop\SpyHunter-Installer.exe [2013.03.15 14:32:52 | 000,716,336 | ---- | M] (Reimage®) -- C:\Dokumente und Einstellungen\Hera\Desktop\ReimageRepair.exe [2013.03.14 17:33:24 | 000,000,099 | ---- | M] () -- C:\windows\LucisPro.INI [2013.03.14 14:17:47 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.03.14 14:17:47 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.03.14 14:17:47 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.03.14 14:17:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.03.14 14:17:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.03.14 14:17:47 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl [2013.03.14 14:17:47 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.03.13 16:38:31 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Detail UsersGuide.pdf.lnk [2013.03.13 16:38:31 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Detail QuickStart.pdf.lnk [2013.03.13 15:29:41 | 000,018,775 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\65583_421053271311449_1128110342_n_fhdr.jpg [2013.03.13 15:25:06 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dynamic-Photo HDR 5.lnk [2013.03.13 14:53:36 | 000,131,072 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.13 02:53:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.03.13 02:53:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.03.13 02:53:20 | 016,486,616 | ---- | M] (Adobe Systems 
Incorporated) -- C:\windows\System32\FlashPlayerInstaller.exe [2013.03.11 19:06:36 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ReMask UsersGuide.pdf.lnk [2013.03.11 19:06:36 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ReMask QuickStart.pdf.lnk [2013.03.11 18:43:11 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DeJPEG UsersGuide.pdf.lnk [2013.03.11 18:43:11 | 000,001,922 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DeJPEG QuickStart.pdf.lnk [2013.03.11 18:31:47 | 000,001,920 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Clean3 UsersGuide.pdf.lnk [2013.03.11 18:31:47 | 000,001,920 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Clean3 QuickStart.pdf.lnk [2013.03.11 16:28:29 | 000,000,831 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DMG Extractor.lnk [2013.03.10 23:33:33 | 000,022,531 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\537667_496577437068185_1914324596_n.jpg [2013.03.10 18:05:23 | 000,047,389 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\602761_494119107314018_1013947200_n.jpg [2013.03.09 23:33:33 | 000,070,053 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\post2.jpg [2013.03.09 21:55:41 | 000,000,806 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog [2013.03.09 21:51:56 | 000,053,363 | ---- | M] () -- C:\windows\System32\unins000.dat [2013.03.09 21:51:38 | 001,180,013 | ---- | M] () -- C:\windows\System32\unins000.exe [2013.03.06 14:52:16 | 002,076,840 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.03.04 20:20:11 | 000,265,543 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\18261_4993617884402_234685390_n.jpg [2013.03.01 20:45:00 | 000,000,276 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-162531612-1801674531-1003.job [2013.02.28 19:28:38 | 000,049,062 | 
---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\482250_10151437455599641_1773683087_n.jpg [2013.02.24 15:04:46 | 000,056,932 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\485084_435714776503815_819280474_n.jpg [2013.02.21 14:40:16 | 000,068,393 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\800px-Pellicola_Cinematografica_Sotto.png [2013.02.21 14:40:11 | 000,068,647 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\800px-Pellicola_Cinematografica_Sopra.png [2013.02.21 14:40:05 | 000,103,764 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Crystal_Project_film.png [2013.02.21 14:09:49 | 000,037,546 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\facebooklogo.gif [2013.02.21 12:03:58 | 001,074,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\bb4bdeea34730456bb1bb6fdc8589f0b.PDF [2013.02.21 12:03:02 | 000,210,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Bedienungsanleitung-SAMSUNG-SPF-85H-D.pdf [2013.02.20 16:08:02 | 000,036,718 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\65583_421053271311449_1128110342_n.jpg [2013.02.19 22:44:02 | 000,059,986 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\543879_408875949193136_837127103_n.jpg [2013.02.19 22:40:29 | 000,022,823 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\542408_420808581333206_251006504_n.jpg [2013.02.19 22:19:14 | 000,100,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\523636_438316406225814_1597992245_n.jpg [2013.02.19 20:07:09 | 000,492,861 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\tumblr_m1r0wq4XT51r2kjgmo2_500.gif [2013.02.16 22:42:52 | 000,042,006 | ---- | M] () -- C:\Dokumente und Einstellungen\Hera\Desktop\426152_432750513466908_1025310220_n.jpg [2013.02.16 19:43:45 | 000,092,112 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Hera\Desktop\hard-drive-western-digital-caviar-blue-160gb-sata-7200-rpm-8mb-cache-model-wd1600aajs-8mb-average-seek-operating-msec-65-msec-350-type-ad-179477.jpg [2013.02.16 19:43:37 | 000,293,992 | ---- | M] () -- C:\windows\System32\nvdrsdb1.bin [2013.02.16 19:43:37 | 000,000,001 | ---- | M] () -- C:\windows\System32\nvdrssel.bin [7 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ] [4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.15 22:14:56 | 000,060,928 | ---- | C] () -- C:\windows\System32\antiwpa.dll [2013.03.15 21:43:49 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\SetOOBEActivated.reg [2013.03.15 21:43:49 | 000,000,071 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\removewpalinks.bat [2013.03.15 18:52:20 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 14:40:24 | 000,000,897 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Install Bitdefender free trial.lnk [2013.03.15 14:32:59 | 000,000,162 | ---- | C] () -- C:\windows\Reimage.ini [2013.03.14 17:29:06 | 000,000,099 | ---- | C] () -- C:\windows\LucisPro.INI [2013.03.13 16:38:31 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Detail UsersGuide.pdf.lnk [2013.03.13 16:38:31 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Detail QuickStart.pdf.lnk [2013.03.13 15:29:41 | 000,018,775 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\65583_421053271311449_1128110342_n_fhdr.jpg [2013.03.13 15:25:06 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dynamic-Photo HDR 5.lnk [2013.03.13 14:59:46 | 000,000,974 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Startmenü\Programme\Xenofex 2 Manual.lnk 
[2013.03.11 19:06:36 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ReMask UsersGuide.pdf.lnk [2013.03.11 19:06:36 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ReMask QuickStart.pdf.lnk [2013.03.11 18:43:11 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DeJPEG UsersGuide.pdf.lnk [2013.03.11 18:43:11 | 000,001,922 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DeJPEG QuickStart.pdf.lnk [2013.03.11 18:31:47 | 000,001,920 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Clean3 UsersGuide.pdf.lnk [2013.03.11 18:31:47 | 000,001,920 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Clean3 QuickStart.pdf.lnk [2013.03.11 16:28:29 | 000,000,831 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DMG Extractor.lnk [2013.03.10 23:33:31 | 000,022,531 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\537667_496577437068185_1914324596_n.jpg [2013.03.10 18:05:15 | 000,047,389 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\602761_494119107314018_1013947200_n.jpg [2013.03.09 21:51:46 | 000,001,695 | ---- | C] () -- C:\windows\System32\openIE.js [2013.03.09 21:51:45 | 001,525,248 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll [2013.03.09 21:51:45 | 000,328,704 | ---- | C] () -- C:\windows\System32\ff_libfaad2.dll [2013.03.09 21:51:45 | 000,260,608 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll [2013.03.09 21:51:45 | 000,250,880 | ---- | C] () -- C:\windows\System32\ff_kernelDeint.dll [2013.03.09 21:51:45 | 000,212,480 | ---- | C] () -- C:\windows\System32\ff_libdts.dll [2013.03.09 21:51:45 | 000,158,720 | ---- | C] () -- C:\windows\System32\ff_unrar.dll [2013.03.09 21:51:45 | 000,146,944 | ---- | C] () -- C:\windows\System32\ff_libmad.dll [2013.03.09 21:51:45 | 000,137,728 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll [2013.03.09 21:51:45 | 000,115,200 | ---- 
| C] () -- C:\windows\System32\ff_liba52.dll [2013.03.09 21:51:44 | 004,427,264 | ---- | C] () -- C:\windows\System32\ffmpeg.dll [2013.03.09 21:51:44 | 001,180,013 | ---- | C] () -- C:\windows\System32\unins000.exe [2013.03.09 21:51:43 | 000,053,363 | ---- | C] () -- C:\windows\System32\unins000.dat [2013.03.09 21:48:53 | 000,000,806 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog [2013.03.09 01:22:24 | 000,070,053 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\post2.jpg [2013.03.04 20:20:08 | 000,265,543 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\18261_4993617884402_234685390_n.jpg [2013.02.28 19:28:35 | 000,049,062 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\482250_10151437455599641_1773683087_n.jpg [2013.02.25 22:07:01 | 000,001,086 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.25 22:06:59 | 000,001,082 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.24 18:48:24 | 000,056,932 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\485084_435714776503815_819280474_n.jpg [2013.02.21 14:40:15 | 000,068,393 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\800px-Pellicola_Cinematografica_Sotto.png [2013.02.21 14:40:10 | 000,068,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\800px-Pellicola_Cinematografica_Sopra.png [2013.02.21 14:40:04 | 000,103,764 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Crystal_Project_film.png [2013.02.21 14:09:47 | 000,037,546 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\facebooklogo.gif [2013.02.21 12:03:56 | 001,074,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\bb4bdeea34730456bb1bb6fdc8589f0b.PDF [2013.02.21 12:03:01 | 000,210,900 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\Bedienungsanleitung-SAMSUNG-SPF-85H-D.pdf [2013.02.20 15:46:52 | 000,036,718 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Hera\Desktop\65583_421053271311449_1128110342_n.jpg [2013.02.19 22:44:01 | 000,059,986 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\543879_408875949193136_837127103_n.jpg [2013.02.19 22:40:28 | 000,022,823 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\542408_420808581333206_251006504_n.jpg [2013.02.19 22:19:10 | 000,100,693 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\523636_438316406225814_1597992245_n.jpg [2013.02.19 20:07:06 | 000,492,861 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\tumblr_m1r0wq4XT51r2kjgmo2_500.gif [2013.02.16 22:42:51 | 000,042,006 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\Desktop\426152_432750513466908_1025310220_n.jpg [2013.01.09 18:45:19 | 000,001,096 | ---- | C] () -- C:\windows\wininit.ini [2012.12.23 18:01:07 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll [2012.12.23 14:22:09 | 000,054,577 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1356268922.bdinstall.bin [2012.12.23 14:19:39 | 000,557,190 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1356267957.bdinstall.bin [2012.09.25 14:33:48 | 000,102,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.09.23 14:51:28 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxduvs.dll [2012.09.23 14:51:27 | 000,360,448 | ---- | C] () -- C:\windows\System32\lxducoin.dll [2012.09.23 14:50:54 | 001,036,288 | ---- | C] () -- C:\windows\System32\lxdudrs.dll [2012.09.23 14:50:54 | 000,081,920 | ---- | C] () -- C:\windows\System32\lxducaps.dll [2012.09.23 14:50:54 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxducnv4.dll [2012.09.23 14:49:57 | 001,069,056 | ---- | C] ( ) -- C:\windows\System32\lxduserv.dll [2012.09.23 14:49:57 | 000,851,968 | ---- | C] ( ) -- C:\windows\System32\lxduusb1.dll [2012.09.23 14:49:57 | 000,765,952 | ---- | C] ( ) -- 
C:\windows\System32\lxducomc.dll [2012.09.23 14:49:57 | 000,679,936 | ---- | C] ( ) -- C:\windows\System32\lxduhbn3.dll [2012.09.23 14:49:57 | 000,651,264 | ---- | C] ( ) -- C:\windows\System32\lxdupmui.dll [2012.09.23 14:49:57 | 000,594,600 | ---- | C] ( ) -- C:\windows\System32\lxducoms.exe [2012.09.23 14:49:57 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxdulmpm.dll [2012.09.23 14:49:57 | 000,438,272 | ---- | C] ( ) -- C:\windows\System32\LXDUhcp.dll [2012.09.23 14:49:57 | 000,389,120 | ---- | C] () -- C:\windows\System32\LXDUinst.dll [2012.09.23 14:49:57 | 000,376,832 | ---- | C] ( ) -- C:\windows\System32\lxducomm.dll [2012.09.23 14:49:57 | 000,369,320 | ---- | C] ( ) -- C:\windows\System32\lxducfg.exe [2012.09.23 14:49:57 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxduinpa.dll [2012.09.23 14:49:57 | 000,339,968 | ---- | C] ( ) -- C:\windows\System32\lxduiesc.dll [2012.09.23 14:49:57 | 000,328,360 | ---- | C] ( ) -- C:\windows\System32\lxduih.exe [2012.09.23 14:49:57 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxdugrd.dll [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012.06.26 22:06:02 | 000,051,712 | ---- | C] () -- C:\windows\System32\coodest.dll [2012.04.21 11:54:46 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll.old [2012.04.15 16:21:23 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Hera\PUTTY.RND [2012.04.06 12:18:16 | 000,000,013 | ---- | C] () -- C:\windows\System32\nvModes.dat [2012.03.17 15:29:09 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI [2012.03.09 17:06:14 | 000,131,072 | ---- | C] 
() -- C:\Dokumente und Einstellungen\Hera\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.07 20:29:28 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI [2012.03.07 16:19:20 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2012.03.07 15:54:24 | 000,293,992 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin [2012.03.07 15:54:19 | 000,293,992 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin [2012.03.07 15:54:19 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin [2012.03.07 15:53:56 | 002,784,050 | ---- | C] () -- C:\windows\System32\nvdata.data [2012.03.07 14:49:08 | 000,060,928 | R--- | C] () -- C:\windows\System32\antiwpa.dll10F147 [2012.03.07 11:20:50 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat [2012.03.06 21:26:21 | 000,143,360 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll [2012.03.06 21:26:21 | 000,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe [2012.03.06 21:20:52 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat [2012.03.06 21:16:36 | 000,021,740 | ---- | C] () -- C:\windows\System32\emptyregdb.dat [2012.03.06 21:10:39 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI [2012.03.06 21:07:56 | 002,076,840 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2011.07.10 03:43:59 | 000,159,744 | ---- | C] () -- C:\windows\System32\mschcword.dll [2011.03.29 23:17:10 | 000,316,928 | ---- | C] () -- C:\windows\System32\HDREfexProFC32.dll ========== ZeroAccess Check ========== [2012.03.07 21:14:04 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 06:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB34546$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 256 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
@Alternate Data Stream - 192 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8927A071
@Alternate Data Stream - 131 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5160F090
< End of report >
Kind regards and thanks in advance! |
16.03.2013, 00:10 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | sirefef.gen c Hello and
__________________ Quote:
Sorry, but where illegal software is involved, the only help offered here now is for backing up data and reinstalling Windows - and get yourself a legal Windows! See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally acquired software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. Moreover, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, hands off: Softonic, registry cleaners and illegal stuff Cracks/Keygens/Serials
__________________ |