
Log analysis and evaluation: TR/Crypt.XPACK.Gen found on laptop. How to remove it?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
04.06.2013, 01:27   #1
chris89mk
 
TR/Crypt.XPACK.Gen found on laptop. How to remove it?



Hello TrojanerBoard team,

like Shanti7 (http://www.trojaner-board.de/135946-...entfernen.html), I also have TR/Crypt.XPack.Gen on my laptop.

About every 5-10 seconds the error messages
Quote:
Shell.exe - Komponente nicht gefunden
and then
Quote:
macromedia.exe - Komponente nicht gefunden
pop up.

Both error messages then read as follows:
Quote:
Die Anwendung konnte nicht gestartet werden, weil usft_ext.dll nicht gefunden wurde. Neuinstallation der Anwendung könnte das Problem beheben.
On the advice of team member Markusg, I ran an OTL scan and exported the Avira events. (next post)

I should perhaps also add that I am an absolute PC/laptop layman.

Thanks in advance for the help
Chris

Here are the Avira results:

Code:
Exportierte Ereignisse:

03.06.2013 23:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\WindowsFiless\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:39 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Christopher\AppData\Roaming\ie_util.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5595998b.qua' 
      verschoben!

03.06.2013 23:37 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

03.06.2013 23:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Christopher\AppData\Roaming\-1036471146\sidebar.exe'
      wurde ein Virus oder unerwünschtes Programm 'BDS/Androm.tzg' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
and the results of the OTL scan:

Code:
OTL logfile created on: 04.06.2013 01:37:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christopher\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 54,32% Memory free
8,13 Gb Paging File | 6,16 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 46,29 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,28 Gb Free Space | 42,84% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPHER-PC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christopher\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Christopher\AppData\Roaming\Mala\kyofy.exe (Sysinternals)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Users\Christopher\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (msvsmon90) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe ()
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\DRIVERS\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\DRIVERS\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: FF_AddOn%40viewtubes.de:3.2.0
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.4
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a2eba07e-17d8-4e21-a405-c252ff8e940c&searchtype=ds&installDate={installDate}&q="
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Christopher\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.20 17:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.20 20:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.25 00:25:50 | 000,000,000 | ---D | M]
 
[2010.08.20 12:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions
[2013.06.01 13:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions
[2012.08.29 19:42:01 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(171)
[2013.04.06 17:05:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\v2ag0v2z.default\extensions\ich@maltegoetz.de
[2012.10.11 21:33:09 | 000,012,042 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\FF_AddOn@viewtubes.de.xpi
[2013.04.23 22:59:34 | 000,050,424 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.06.01 13:45:55 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.04.22 11:43:09 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.12.24 02:52:12 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.13 01:12:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.22 11:47:21 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2010.09.29 16:34:10 | 000,000,873 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\searchplugins\conduit.xml
[2013.03.07 23:44:01 | 000,021,695 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\v2ag0v2z.default\searchplugins\Web Search.xml
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.25 00:25:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.25 00:25:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012.02.23 01:43:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Live Search ()
CHR - default_search_provider: search_url = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2013.05.08 14:32:50 | 000,001,367 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 130.83.168.11 zeus-1
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000\..\Toolbar\WebBrowser: (myBabylon English4 Toolbar) - {FC600575-3013-4E8E-941C-4B00DAFCE730} - C:\Program Files (x86)\myBabylon_English4\tbmyBa.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [brah] C:\Users\Christopher\AppData\Roaming\brah\sit.bat ()
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [goze.exe] C:\Users\Christopher\AppData\Roaming\Weiny\goze.exe File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent File not found
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [Qilocyebo] C:\Users\Christopher\AppData\Roaming\Mala\kyofy.exe (Sysinternals)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [Spotify Web Helper] C:\Users\Christopher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3245422325-1982515113-604505586-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christopher\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Christopher\AppData\Roaming\WindowsFiless\usft_ext.exe.vbs ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F80C0622-229D-4773-9137-4F421C7402EA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.18 21:34:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{591147f0-0f6a-11e1-80b2-a7d187efc6e1}\Shell - "" = AutoRun
O33 - MountPoints2\{591147f0-0f6a-11e1-80b2-a7d187efc6e1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6921D607-0F40-02DD-9F85-A6712BCDF973} - Themes Setup
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {94E886D0-D7C1-F1B9-F680-976461F589C3} - 
ActiveX:64bit: {C42B2696-2496-4676-5DE7-5FFC2F24D96E} - Microsoft Windows Media Player
ActiveX:64bit: {C82A66B2-51BB-E161-8B12-57F75AE95A62} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {D32B94F3-4AE7-8706-749F-C9E79E20E54A} - Microsoft Windows Media Player
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C3804DB-4145-B885-C8CA-784C8732A1F3} - Internet Explorer
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {733CF723-9022-65DA-195F-37C97E321EB7} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A21B43C-8D7D-B32F-6744-8655E8984D21} - Internet Explorer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94DE1266-E783-ED83-0DD7-4A26C076E50D} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Christopher\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 00:24:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2013.06.03 23:36:00 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Avira
[2013.06.03 23:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.03 23:29:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.06.03 23:29:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.06.03 23:29:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.06.03 23:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.03 23:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.06.02 18:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2013.06.02 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\WindowsFiless
[2013.06.02 18:33:24 | 000,000,000 | RHSD | C] -- C:\Users\Christopher\AppData\Roaming\-1036471146
[2013.06.02 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\brah
[2013.05.29 09:34:21 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Studie
[2013.05.27 21:06:38 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Ykowem
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Waqa
[2013.05.27 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\Mala
[2013.05.25 00:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.18 21:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.05.14 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Bilder Ausstellung
[2013.05.07 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\OpenOffice.org
[2013.05.07 15:41:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.07 15:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.05.07 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.05.07 15:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.05.07 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Christopher\Desktop\Pavillon Fellbach
[1 C:\Users\Christopher\Desktop\*.tmp files -> C:\Users\Christopher\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 01:21:06 | 000,000,962 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.04 01:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 01:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 01:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2013.06.04 01:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 01:18:53 | 4258,115,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 01:17:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.04 00:24:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe
[2013.06.03 23:30:12 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 23:25:32 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.03 22:56:27 | 009,084,416 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.pln
[2013.06.03 22:44:22 | 009,084,416 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.bpn
[2013.06.03 21:54:41 | 000,315,242 | ---- | M] () -- C:\Users\Christopher\Desktop\Lageplan2.pdf
[2013.06.02 18:45:07 | 000,000,959 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.31 17:55:19 | 000,675,222 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.31 17:55:19 | 000,635,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.31 17:55:19 | 000,119,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.31 17:55:18 | 001,568,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.31 17:55:18 | 000,145,858 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.30 16:52:19 | 000,274,884 | ---- | M] () -- C:\Users\Christopher\Desktop\ideepodest.skp
[2013.05.30 12:29:07 | 004,702,277 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo.dwg
[2013.05.30 12:23:42 | 002,556,038 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo3.dxf
[2013.05.30 12:17:57 | 002,229,687 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo2.dxf
[2013.05.30 12:12:57 | 000,088,141 | ---- | M] () -- C:\Users\Christopher\Desktop\bamboo.dxf
[2013.05.21 20:40:51 | 000,025,278 | ---- | M] () -- C:\Users\Christopher\Desktop\schrank.jpg
[2013.05.21 10:34:56 | 000,141,608 | ---- | M] () -- C:\Users\Christopher\Desktop\Stuttgart.wea
[2013.05.21 10:32:41 | 000,243,613 | ---- | M] () -- C:\Users\Christopher\Desktop\DEU_Stuttgart.107380_IWEC(1).zip
[2013.05.18 21:36:46 | 000,001,059 | ---- | M] () -- C:\Users\Christopher\Desktop\Ecotect Analysis 2011.lnk
[2013.05.18 21:34:23 | 053,035,316 | ---- | M] () -- C:\Users\Christopher\Desktop\Autodesk_Ecotect_Analysis_2011_English_Win_32bit_r2.exe
[2013.05.16 23:41:37 | 000,000,680 | ---- | M] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat
[2013.05.16 03:40:15 | 004,976,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.08 15:47:54 | 002,508,964 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama5.jpg
[2013.05.08 15:43:34 | 002,703,584 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama4.jpg
[2013.05.08 15:39:04 | 002,711,193 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama2.jpg
[2013.05.08 15:36:58 | 002,435,373 | ---- | M] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama3.jpg
[2013.05.08 15:10:48 | 000,112,128 | ---- | M] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.08 14:34:17 | 000,001,422 | ---- | M] () -- C:\Users\Christopher\Desktop\Fachgebiet - Verknüpfung.lnk
[2013.05.08 08:54:38 | 004,528,412 | ---- | M] () -- C:\Users\Christopher\Desktop\KELLER_TechnProspekt_mw_2013.pdf
[2013.05.08 08:50:37 | 000,765,816 | ---- | M] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW4__De.pdf
[2013.05.08 08:50:30 | 001,264,640 | ---- | M] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW_De_01.pdf
[2013.05.08 08:46:48 | 000,652,997 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 3.jpg
[2013.05.08 08:45:32 | 000,561,859 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 2.jpg
[2013.05.08 08:43:59 | 000,746,393 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 1.jpg
[2013.05.08 08:42:17 | 000,605,896 | ---- | M] () -- C:\Users\Christopher\Desktop\Minimal Window 4.jpg
[2013.05.07 17:13:57 | 000,001,850 | ---- | M] () -- C:\Users\Christopher\Desktop\P258_PaF_Pavillon Fellbach - Verknüpfung.lnk
[2013.05.07 15:42:44 | 000,001,072 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:41:37 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:37:17 | 152,249,762 | ---- | M] () -- C:\Users\Christopher\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.05.07 15:16:18 | 000,000,500 | ---- | M] () -- C:\Users\Christopher\Desktop\TUD_FB15 - Verknüpfung.lnk
[1 C:\Users\Christopher\Desktop\*.tmp files -> C:\Users\Christopher\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 23:30:12 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 21:54:33 | 000,315,242 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.pdf
[2013.06.02 18:37:44 | 000,000,962 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.05.30 16:52:18 | 000,274,884 | ---- | C] () -- C:\Users\Christopher\Desktop\ideepodest.skp
[2013.05.30 12:28:03 | 004,702,277 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo.dwg
[2013.05.30 12:23:42 | 002,556,038 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo3.dxf
[2013.05.30 12:17:57 | 002,229,687 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo2.dxf
[2013.05.30 12:12:57 | 000,088,141 | ---- | C] () -- C:\Users\Christopher\Desktop\bamboo.dxf
[2013.05.22 20:11:47 | 009,084,416 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.pln
[2013.05.22 20:11:47 | 009,084,416 | ---- | C] () -- C:\Users\Christopher\Desktop\Lageplan2.bpn
[2013.05.21 20:41:06 | 000,025,278 | ---- | C] () -- C:\Users\Christopher\Desktop\schrank.jpg
[2013.05.21 10:34:56 | 000,141,608 | ---- | C] () -- C:\Users\Christopher\Desktop\Stuttgart.wea
[2013.05.21 10:32:41 | 000,243,613 | ---- | C] () -- C:\Users\Christopher\Desktop\DEU_Stuttgart.107380_IWEC(1).zip
[2013.05.18 21:36:46 | 000,001,059 | ---- | C] () -- C:\Users\Christopher\Desktop\Ecotect Analysis 2011.lnk
[2013.05.18 21:34:22 | 053,035,316 | ---- | C] () -- C:\Users\Christopher\Desktop\Autodesk_Ecotect_Analysis_2011_English_Win_32bit_r2.exe
[2013.05.08 15:46:57 | 002,508,964 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama5.jpg
[2013.05.08 15:42:51 | 002,703,584 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama4.jpg
[2013.05.08 15:37:38 | 002,711,193 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama2.jpg
[2013.05.08 15:32:50 | 002,435,373 | ---- | C] () -- C:\Users\Christopher\Desktop\Unbenanntes_Panorama3.jpg
[2013.05.08 14:34:17 | 000,001,422 | ---- | C] () -- C:\Users\Christopher\Desktop\Fachgebiet - Verknüpfung.lnk
[2013.05.08 08:54:35 | 004,528,412 | ---- | C] () -- C:\Users\Christopher\Desktop\KELLER_TechnProspekt_mw_2013.pdf
[2013.05.08 08:50:36 | 000,765,816 | ---- | C] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW4__De.pdf
[2013.05.08 08:50:29 | 001,264,640 | ---- | C] () -- C:\Users\Christopher\Desktop\Technisches_Datenblatt_MW_De_01.pdf
[2013.05.08 08:48:40 | 000,605,896 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 4.jpg
[2013.05.08 08:46:57 | 000,652,997 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 3.jpg
[2013.05.08 08:45:53 | 000,561,859 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 2.jpg
[2013.05.08 08:45:22 | 000,746,393 | ---- | C] () -- C:\Users\Christopher\Desktop\Minimal Window 1.jpg
[2013.05.07 17:13:56 | 000,001,850 | ---- | C] () -- C:\Users\Christopher\Desktop\P258_PaF_Pavillon Fellbach - Verknüpfung.lnk
[2013.05.07 15:42:44 | 000,001,072 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:41:37 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.07 15:37:13 | 152,249,762 | ---- | C] () -- C:\Users\Christopher\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.05.07 15:16:18 | 000,000,500 | ---- | C] () -- C:\Users\Christopher\Desktop\TUD_FB15 - Verknüpfung.lnk
[2013.05.07 14:48:41 | 000,001,815 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013.01.20 20:16:31 | 000,126,056 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.12.06 18:25:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.23 23:04:35 | 000,001,456 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.10.17 01:54:01 | 083,023,306 | ---- | C] () -- C:\ProgramData\nogolniw.pad
[2012.10.04 06:55:18 | 000,000,379 | ---- | C] () -- C:\Users\Christopher\Dokumente - Verknüpfung.lnk
[2012.05.15 02:45:00 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.05.15 02:45:00 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.05.15 02:44:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.15 02:44:11 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.15 02:39:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.05.15 02:39:40 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.05.15 02:39:39 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.05.15 02:35:27 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.01.14 21:08:09 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT
[2011.10.27 00:29:59 | 000,000,148 | ---- | C] () -- C:\Users\Christopher\.xconvrc
[2011.01.24 22:57:51 | 000,003,332 | ---- | C] () -- C:\Users\Christopher\.recently-used.xbel
[2010.11.10 03:08:34 | 000,015,893 | ---- | C] () -- C:\Users\Christopher\Layout3.2010_11_10_02_08_34.0.svg
[2010.09.18 16:56:31 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Local\PCD650.L!C
[2010.08.13 21:09:27 | 002,696,192 | ---- | C] () -- C:\Users\Christopher\softonic-Deutsch.exe
[2010.08.13 21:09:05 | 000,260,384 | ---- | C] () -- C:\Users\Christopher\SoftonicDownloader11503.exe
[2010.07.26 02:14:22 | 000,000,612 | ---- | C] () -- C:\Users\Christopher\smartkey.inf
[2010.01.21 14:46:00 | 000,004,096 | -H-- | C] () -- C:\Users\Christopher\AppData\Local\keyfile3.drm
[2009.12.03 19:32:46 | 000,016,384 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\DataSafeDotNet.exe
[2009.10.16 10:45:44 | 000,008,663 | ---- | C] () -- C:\Users\Christopher\gsview32.ini
[2009.10.11 20:44:28 | 000,000,732 | ---- | C] () -- C:\Users\Christopher\AppData\Local\d3d9caps64.dat
[2009.10.09 12:12:51 | 000,011,776 | ---- | C] () -- C:\Users\Christopher\setx.exe
[2009.10.01 23:48:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 15:27:09 | 000,000,680 | ---- | C] () -- C:\Users\Christopher\AppData\Local\d3d9caps.dat
[2009.09.17 14:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Roaming\wklnhst.dat
[2009.09.10 17:11:42 | 000,112,128 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.03 23:41:13 | 000,000,000 | RHSD | M] -- C:\Users\Christopher\AppData\Roaming\-1036471146
[2010.11.22 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Autodesk
[2010.07.07 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Azureus
[2010.08.16 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Babylon
[2013.06.02 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\brah
[2012.02.24 17:38:26 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Canon
[2012.01.14 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\CD-LabelPrint
[2011.02.07 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.07 23:51:44 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DAEMON Tools Lite
[2013.06.04 01:22:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Dropbox
[2011.06.08 01:38:06 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.16 15:48:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FinalTorrent
[2010.11.12 22:30:46 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FpSpellCheck
[2010.09.29 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\GrabPro
[2012.07.18 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Graphisoft
[2010.12.01 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\gtk-2.0
[2010.08.16 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\inkscape
[2013.05.27 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Mala
[2013.03.07 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\OpenCandy
[2013.05.07 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\OpenOffice.org
[2010.12.31 02:36:48 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Orbit
[2010.09.29 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\ProgSense
[2013.04.23 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Ritycy
[2012.03.31 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Samsung
[2013.06.04 01:37:15 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\SlimBrowser
[2013.05.30 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Spotify
[2011.01.29 14:11:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.09.17 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Template
[2013.03.07 23:37:34 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\TuneUp Software
[2013.06.04 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Waqa
[2013.06.03 23:42:35 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WindowsFiless
[2012.12.13 01:40:14 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WindSolutions
[2013.05.27 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Ykowem
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.16 01:27:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.09.01 17:51:59 | 000,000,000 | ---D | M] -- C:\1033
[2013.05.18 21:34:37 | 000,000,000 | ---D | M] -- C:\Autodesk
[2009.12.07 00:37:11 | 000,000,000 | -HSD | M] -- C:\boot
[2011.05.08 14:47:08 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.10.21 19:48:19 | 000,000,000 | ---D | M] -- C:\DELL
[2009.09.10 16:43:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.08 22:15:21 | 000,000,000 | ---D | M] -- C:\downloads
[2009.07.30 09:30:45 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.08.12 17:17:37 | 000,000,000 | ---D | M] -- C:\e4d0642fea7bbb6f28693a5b00
[2009.07.30 05:39:45 | 000,000,000 | ---D | M] -- C:\EFI
[2009.09.01 18:12:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.01.08 22:16:23 | 000,000,000 | ---D | M] -- C:\Output
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.07 15:02:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.03 23:29:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.06.03 23:29:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.10 16:43:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.09.10 16:50:12 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.06.04 01:42:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.23 22:42:45 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.07 15:12:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,516 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 15:46:38 | 000,000,440 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.30 12:48:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009.04.30 12:48:36 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009.04.30 12:48:37 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009.04.30 12:48:36 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.30 12:48:36 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009.04.30 12:48:36 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009.04.30 12:48:35 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009.04.30 12:48:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:50:16 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2013.04.05 00:09:30 | 009,738,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %USERPROFILE%\*.* >
[2011.01.24 22:57:51 | 000,003,332 | ---- | M] () -- C:\Users\Christopher\.recently-used.xbel
[2011.10.27 00:29:59 | 000,000,148 | ---- | M] () -- C:\Users\Christopher\.xconvrc
[2012.10.04 06:55:18 | 000,000,379 | ---- | M] () -- C:\Users\Christopher\Dokumente - Verknüpfung.lnk
[2010.08.25 13:05:48 | 000,008,663 | ---- | M] () -- C:\Users\Christopher\gsview32.ini
[2010.11.10 03:08:34 | 000,015,893 | ---- | M] () -- C:\Users\Christopher\Layout3.2010_11_10_02_08_34.0.svg
[2013.06.04 02:07:09 | 006,291,456 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat
[2013.06.04 02:07:09 | 000,262,144 | -H-- | M] () -- C:\Users\Christopher\ntuser.dat.LOG1
[2013.04.29 23:53:11 | 000,262,144 | -H-- | M] () -- C:\Users\Christopher\ntuser.dat.LOG2
[2013.02.13 06:03:25 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TM.blf
[2013.02.13 06:03:25 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TMContainer00000000000000000001.regtrans-ms
[2012.08.30 21:18:48 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{290c7cb0-f2d7-11e1-a28b-a96fd8646e27}.TMContainer00000000000000000002.regtrans-ms
[2012.01.10 02:43:18 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TM.blf
[2012.01.10 02:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TMContainer00000000000000000001.regtrans-ms
[2011.03.13 03:19:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{31cdf0b4-4ce0-11e0-8be3-eb5321e98110}.TMContainer00000000000000000002.regtrans-ms
[2013.04.30 03:57:29 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TM.blf
[2013.04.30 03:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TMContainer00000000000000000001.regtrans-ms
[2013.04.30 03:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{3e24fe57-b139-11e2-a194-f6c4a8aa2510}.TMContainer00000000000000000002.regtrans-ms
[2012.08.30 19:58:50 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TM.blf
[2012.08.30 19:58:50 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TMContainer00000000000000000001.regtrans-ms
[2012.01.11 04:38:04 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{981eeae5-3bf3-11e1-a038-a0a33fba2728}.TMContainer00000000000000000002.regtrans-ms
[2010.06.12 20:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.06.12 20:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009.09.10 17:23:46 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2011.03.10 01:48:04 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TM.blf
[2011.03.10 01:48:04 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.14 06:28:54 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\NTUSER.DAT{d29554f8-776b-11df-a867-f1fa54239015}.TMContainer00000000000000000002.regtrans-ms
[2013.06.04 01:17:34 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TM.blf
[2013.06.04 01:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TMContainer00000000000000000001.regtrans-ms
[2013.04.30 07:28:06 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{d6cdff6b-b14b-11e2-8c3b-892b3e606052}.TMContainer00000000000000000002.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.0.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.1.regtrans-ms
[2013.04.29 23:53:12 | 001,048,576 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.2.regtrans-ms
[2013.04.29 23:53:12 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c77-7701-11e2-9041-eea3ab361b8b}.TxR.blf
[2013.04.29 02:21:17 | 000,065,536 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TM.blf
[2013.04.29 02:21:17 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TMContainer00000000000000000001.regtrans-ms
[2013.02.15 04:59:03 | 000,524,288 | -HS- | M] () -- C:\Users\Christopher\ntuser.dat{f84d4c78-7701-11e2-9041-eea3ab361b8b}.TMContainer00000000000000000002.regtrans-ms
[2009.09.10 16:47:41 | 000,000,020 | -HS- | M] () -- C:\Users\Christopher\ntuser.ini
[2009.10.09 12:12:51 | 000,011,776 | ---- | M] () -- C:\Users\Christopher\setx.exe
[2010.10.18 02:38:06 | 000,000,612 | ---- | M] () -- C:\Users\Christopher\smartkey.inf
[2010.08.13 21:10:09 | 002,696,192 | ---- | M] () -- C:\Users\Christopher\softonic-Deutsch.exe
[2010.08.13 21:09:20 | 000,260,384 | ---- | M] () -- C:\Users\Christopher\SoftonicDownloader11503.exe
[2013.05.22 10:46:01 | 000,000,000 | ---- | M] () -- C:\Users\Christopher\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

 
