| |
| |||||||
Log-Analyse und Auswertung: Diverse Maleware, ngnix Probleme, viele ProzesseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.06.2013, 09:32
| #1 |
 |  Diverse Maleware, ngnix Probleme, viele Prozesse Hallo Team, nach gestriger Recherche im Netz bin ich auf euch gestoßen und hoffe das ihr mir weiterhelfen könnt mit meinen diversen Problemen. Ich denke mal das ihr alle Programme in den Logs ersehen könnt aber ich zähle sie trotzdem nochmals auf. Antivirus : AVAST Maleware : Spybot Malewarebytes Spyhunter und was von McAffee ist auch noch drauf. Ich bin eigentlich ein Amateur was sowas hier betrifft, habe aber nach gestrigen Problemen jeweils ein Scan mit oben genannten Programmen gemacht und feststellen müssen, das Malewarebytes nichts gefunden hatte, Spybot fand wiederum ein paar Einträge und Spyhunter wiederum über 100! Infekte ( komisch das die anderen 2 nichts davon fanden ) hier mal ein bild vom Spyhunter im Anhang... Desweiteren plagt mich dieser ngnix krempel, mal mit einer 502'er oder einer 404'er Fehlermeldung beim ansteuern von Seiten im Netz. Zu guter letzt, sind mit die über 100 laufenden Prozesse nicht ganz koscher, aber beim nachschauen im Taskmanager stehen viele Namen womit ich halt Null anfangen kann... Ich hoffe sehr das ihr mir helfen könnt, da ich derzeit im Ausland tätig bin und KEINE recovery CD mit mir führe um das System neu aufzusetzen ( als Endlösung ). Ich hoffe ich habe alles richtig reingestellt, ist nicht ganz einfach für ein Laien. Und ich bedanke mich schon einmal im Vorraus für eure Hilfe!!! ps: beim ersten "erstellen" versuche bin ich dazu agehalten worden die Logs als Archive anzuhängen, hoffe das ist korrekt so. |
|
19.06.2013, 09:39
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Diverse Maleware, ngnix Probleme, viele Prozesse Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
19.06.2013, 09:42
| #3 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse ähm wenn du mir noch sagst wo ich die logs der bereits gefundenen infekte finden kann in den jeweiligen programmen, werd ich sie dir gerne schicken!
__________________ |
|
19.06.2013, 09:44
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse Es wurde extra eine Anleitung verlinkt
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.06.2013, 10:19
| #5 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse ok habs, aber der spybot log ist mit 404853 Zeichen zu groß,werd ihn als .zip anhängen müssen hier der Malewarebytes log : Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Könich :: RECHENKNECHT [Administrator] 18.06.2013 21:18:40 mbam-log-2013-06-18 (21-18-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 563000 Laufzeit: 1 Stunde(n), 31 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) den SpyHunter ( von dem das angehängte Bild ist ) kann ich komischerweise nicht auffinden... ich muss auch anmerken das ich z zt mit dem 2. useracc eingeloggt bin (gerade im büro) der 1. useracc ist mein privater, macht das ein unterschied? so,jetzt auch mit SpyHunter4 Log im Anhang... Geändert von Pers (19.06.2013 um 11:03 Uhr) |
|
19.06.2013, 11:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse Die Datei trägt zwar den Namen "spybot-log" enhält aber ein Log von GMER. Gab es nun jemals Funde oder noch nie?
__________________ --> Diverse Maleware, ngnix Probleme, viele Prozesse |
|
19.06.2013, 11:09
| #7 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse also, spybot hatte funde gehabt und die konnten behoben werden. malwarebytes hat null funde gehabt! spyhunter4 ganze 132 funde...nur die löscht er ja nicht in der freeversion... welche informationen kann ich dir noch bereit stellen damit deine hilfe fruchten kann? |
|
19.06.2013, 11:18
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.06.2013, 11:39
| #9 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse ähm als ich mbar gestartet habe kam gleich das hier, siehe anhang. soll ich da yes oder no klicken? |
|
19.06.2013, 12:10
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse bitte auf nein klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.06.2013, 12:25
| #11 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse so hier der erste log von mbar : Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.19.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
WORK :: RECHENKNECHT [administrator]
19.06.2013 12:52:32
mbar-log-2013-06-19 (12-52-32).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 329455
Time elapsed: 27 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
und hier der Log vom aswMBR : Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 13:28:22
-----------------------------
13:28:22.885 OS Version: Windows x64 6.1.7601 Service Pack 1
13:28:22.885 Number of processors: 4 586 0x3A09
13:28:22.885 ComputerName: RECHENKNECHT UserName: WORK
13:28:24.379 Initialize success
13:28:26.016 AVAST engine defs: 13061803
13:29:28.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:29:28.124 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
13:29:28.231 Disk 0 MBR read successfully
13:29:28.232 Disk 0 MBR scan
13:29:28.234 Disk 0 Windows 7 default MBR code
13:29:28.241 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15872 MB offset 2048
13:29:28.251 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32507904
13:29:28.259 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460966 MB offset 32712704
13:29:28.302 Disk 0 scanning C:\Windows\system32\drivers
13:29:41.939 Service scanning
13:30:06.098 Modules scanning
13:30:06.103 Disk 0 trace - called modules:
13:30:06.119 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:30:06.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007611060]
13:30:06.171 3 CLASSPNP.SYS[fffff88001cf843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d5f050]
13:30:06.961 AVAST engine scan C:\Windows
13:30:10.802 AVAST engine scan C:\Windows\system32
13:32:38.485 AVAST engine scan C:\Windows\system32\drivers
13:32:51.955 AVAST engine scan C:\Users\WORK
13:35:23.389 AVAST engine scan C:\ProgramData
13:37:03.199 Scan finished successfully
13:37:20.216 Disk 0 MBR has been saved successfully to "C:\Users\WORK\Desktop\MBR.dat"
13:37:20.219 The log file has been saved successfully to "C:\Users\WORK\Desktop\aswMBR.txt"
|
|
19.06.2013, 12:59
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse Alles ziemlich unauffällig bislang.... Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.06.2013, 13:13
| #13 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse beim starten von tdsskiller.exe erscheint folgende fehlermeldung : siehe anhang was nun? sorry falsche datei geklickt...scanne gleich und poste dann! tdsskiller log : im anhang als zip da zu groß... Geändert von Pers (19.06.2013 um 13:26 Uhr) |
|
19.06.2013, 13:31
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse Maleware, ngnix Probleme, viele Prozesse JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.06.2013, 13:53
| #15 |
| | Diverse Maleware, ngnix Probleme, viele Prozesse JRT Log : Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by WORK on 19.06.2013 at 14:39:29,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] C:\Windows\syswow64\sho214A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2E9A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho42B0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho592F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6100.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho757.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB00B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB832.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB93E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBE6D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC14D.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Empty Folder] C:\Users\WORK\appdata\local\{1ACFF5A1-AA18-458B-AD1C-8A9998AD0343}
Successfully deleted: [Empty Folder] C:\Users\WORK\appdata\local\{3F9DD1B5-286A-464B-BF14-489FBD359322}
Successfully deleted: [Empty Folder] C:\Users\WORK\appdata\local\{B41801EF-5BF3-47F4-BBD7-0C76350AF1BB}
Successfully deleted: [Empty Folder] C:\Users\WORK\appdata\local\{FB21A3C9-ABF6-46F2-9AC8-7C4F48B9650D}
Successfully deleted: [Empty Folder] C:\Users\WORK\appdata\local\{FCCFA0D1-E875-48CB-AF83-8A479AEFC5A7}
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 14:43:23,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 14:54:01 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : WORK - RECHENKNECHT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\WORK\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\Könich\Desktop\HDVidCodec.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\HDvidCodec.com
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Users\Könich\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Könich\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Könich\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Könich\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Könich\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Könich\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Könich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\Könich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Könich\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Ordner Gelöscht : C:\Users\WORK\Desktop\Delta
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_S2WJ2QNXXXXXS2WJ2QNX&ts=1368009792
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_S2WJ2QNXXXXXS2WJ2QNX&ts=1368009792
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c53ddd8e169ef49
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_S2WJ2QNXXXXXS2WJ2QNX&ts=1368009792 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_S2WJ2QNXXXXXS2WJ2QNX&ts=1368009792 --> hxxp://www.google.com
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\Könich\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [13912 octets] - [19/06/2013 14:54:01]
########## EOF - C:\AdwCleaner[S1].txt - [13973 octets] ##########
OTL Log : Code:
ATTFilter OTL logfile created on: 19.06.2013 15:06:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WORK\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 52,82% Memory free 7,68 Gb Paging File | 5,57 Gb Available in Paging File | 72,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 122,05 Gb Free Space | 27,11% Space Free | Partition Type: NTFS Computer Name: RECHENKNECHT | User Name: WORK | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\WORK\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SaferSurf\SaferSurfTray.exe (Nutzwerk) PRC - C:\Program Files (x86)\SaferSurf\SaferSurfServices.exe (Nutzwerk) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () PRC - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\WORK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () MOD - C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SaferSurfServices) -- C:\Program Files (x86)\SaferSurf\SaferSurfServices.exe (Nutzwerk) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (DCDhcpService) -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe (Atheros Communication Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Hilti PROFIS AutoUpdate Service) -- C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe (Agito d.o.o.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=acc91649-6ca3-4a1d-9aad-4a2e1fa792e7&searchtype=ds&q={searchTerms}&installDate=08/05/2013 IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3674554449-1984864590-2042964124-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.19 00:21:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 16:51:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 11:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.27 16:51:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.09 09:22:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! Online Security = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Google Mail = C:\Users\WORK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.06.16 19:36:41 | 000,447,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15376 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe () O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [SaferSurf Tray] C:\Program Files (x86)\SaferSurf\SaferSurfTray.exe (Nutzwerk) O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3674554449-1984864590-2042964124-1004..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\SaferSurf\bin64\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\SaferSurf\wslsp.dll (alpha 2000 GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.200.190.166 212.200.191.166 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{699C7D74-E2E2-413C-86A3-CF263FDE8C64}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86616CD5-F397-41C9-99E4-5CD2D75BE296}: DhcpNameServer = 212.200.190.166 212.200.191.166 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA1ED79B-B401-4B13-BCFF-7432465469E3}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.22 11:17:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.19 15:06:57 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\OTL Log's [2013.06.19 14:39:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.19 14:39:19 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.19 14:36:14 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\WORK\Desktop\JRT.exe [2013.06.19 12:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.19 12:40:02 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\WORK\Desktop\aswMBR.exe [2013.06.19 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\Neuer Ordner [2013.06.19 10:47:01 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Malwarebytes [2013.06.19 10:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.06.19 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.06.19 00:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaferSurf [2013.06.19 00:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nutzwerk [2013.06.18 10:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic [2013.06.18 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinypic [2013.06.17 07:31:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.16 20:00:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.16 20:00:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.16 20:00:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.16 20:00:13 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.06.16 19:59:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.16 19:59:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.15 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Windows Live Writer [2013.06.15 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Windows Live Writer [2013.06.15 13:33:38 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Skype [2013.06.14 15:22:41 | 000,000,000 | R--D | C] -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.14 15:22:41 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\BMExplorer [2013.06.14 15:22:41 | 000,000,000 | ---D | C] -- C:\Users\WORK\Documents\Bluetooth Folder [2013.06.10 07:29:09 | 000,000,000 | ---D | C] -- C:\Users\WORK\Documents\MyHeritage [2013.06.08 10:57:36 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\OpenOffice.org [2013.06.06 15:23:45 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\CrashDumps [2013.06.06 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Diagnostics [2013.06.06 10:48:27 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\HpUpdate [2013.06.06 10:47:59 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM4812.dll [2013.06.06 10:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.06.06 10:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.06.06 10:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.06.06 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.06.06 10:46:01 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\HP [2013.06.06 09:40:47 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\WinRAR [2013.06.06 09:40:30 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\GL [2013.06.06 08:28:57 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\Aktueller Stand [2013.06.06 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\vlc [2013.06.06 08:19:12 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Microsoft Help [2013.06.06 08:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.06.06 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\OGP - OLAP [2013.06.06 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\SoftGrid Client [2013.06.06 07:44:40 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\SoftGrid Client [2013.06.05 19:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.06.05 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\EgisTec IPS [2013.06.05 15:39:44 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Adobe [2013.06.05 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\Unterlagen zur Fertigungsüberwachung [2013.06.05 15:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.05 15:37:18 | 000,000,000 | ---D | C] -- C:\Users\WORK\Desktop\Info zur Fertigungsüberwachung [2013.06.05 15:36:35 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\MyHeritage [2013.06.05 15:35:42 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Google [2013.06.05 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Apps [2013.06.05 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Deployment [2013.06.05 15:31:33 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Adobe [2013.06.05 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Screensaver [2013.06.05 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Atheros [2013.06.05 15:31:16 | 000,000,000 | R--D | C] -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.06.05 15:31:15 | 000,000,000 | R--D | C] -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.06.05 15:31:15 | 000,000,000 | R--D | C] -- C:\Users\WORK\Searches [2013.06.05 15:31:06 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Identities [2013.06.05 15:31:04 | 000,000,000 | R--D | C] -- C:\Users\WORK\Contacts [2013.06.05 15:31:03 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\VirtualStore [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Vorlagen [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\AppData\Local\Verlauf [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\AppData\Local\Temporary Internet Files [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Startmenü [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\SendTo [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Recent [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Netzwerkumgebung [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Lokale Einstellungen [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Documents\Eigene Videos [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Documents\Eigene Musik [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Eigene Dateien [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Documents\Eigene Bilder [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Druckumgebung [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Cookies [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\AppData\Local\Anwendungsdaten [2013.06.05 15:30:55 | 000,000,000 | -HSD | C] -- C:\Users\WORK\Anwendungsdaten [2013.06.05 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Temp [2013.06.05 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Local\Microsoft [2013.06.05 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Media Center Programs [2013.06.05 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\WORK\AppData\Roaming\Macromedia [2013.06.05 15:30:54 | 000,000,000 | --SD | C] -- C:\Users\WORK\AppData\Roaming\Microsoft [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Videos [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Saved Games [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Pictures [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Music [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Links [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Favorites [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Downloads [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Documents [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\Desktop [2013.06.05 15:30:54 | 000,000,000 | R--D | C] -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.06.05 15:30:54 | 000,000,000 | -H-D | C] -- C:\Users\WORK\AppData [2013.06.01 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MyHeritage [2013.06.01 10:29:09 | 002,029,056 | ---- | C] (Bytescout) -- C:\Windows\SysWow64\PDFDocScout.DLL [2013.06.01 10:29:09 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ijl15.dll [2013.06.01 10:29:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL [2013.06.01 10:29:08 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx [2013.06.01 10:29:08 | 000,606,208 | ---- | C] (Lorenzi Davide) -- C:\Windows\SysWow64\HexUniRTFBox.ocx [2013.06.01 10:29:08 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll [2013.06.01 10:29:08 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmapi32.ocx [2013.06.01 10:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyHeritage [2013.06.01 09:23:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.22 16:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity [2013.05.22 15:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2013.05.22 11:11:10 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.05.22 11:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.21 15:25:42 | 000,927,776 | ---- | C] (MyHeritage) -- C:\Windows\SysWow64\FTBSaver.scr [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.19 15:03:45 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 15:03:45 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 14:56:29 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.06.19 14:56:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.19 14:55:42 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.06.19 14:55:37 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys [2013.06.19 14:51:35 | 000,648,201 | ---- | M] () -- C:\Users\WORK\Desktop\adwcleaner.exe [2013.06.19 14:40:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.19 14:38:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\WORK\Desktop\JRT.exe [2013.06.19 14:29:39 | 000,001,284 | ---- | M] () -- C:\Users\WORK\Desktop\Spybot - Search & Destroy.lnk [2013.06.19 14:24:47 | 000,054,118 | ---- | M] () -- C:\Users\WORK\Desktop\TDSSKiller.2.8.16.0_19.06.2013_14.14.01_log.zip [2013.06.19 14:09:32 | 000,037,909 | ---- | M] () -- C:\Users\WORK\Desktop\tdsskiller.PNG [2013.06.19 13:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.19 13:37:20 | 000,000,512 | ---- | M] () -- C:\Users\WORK\Desktop\MBR.dat [2013.06.19 12:44:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\WORK\Desktop\aswMBR.exe [2013.06.19 11:58:24 | 000,034,708 | ---- | M] () -- C:\Users\WORK\Desktop\SpyHunter4 Log.zip [2013.06.19 11:48:01 | 001,500,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.19 11:48:01 | 000,654,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.19 11:48:01 | 000,616,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.19 11:48:01 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.19 11:48:01 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 11:18:31 | 000,018,715 | ---- | M] () -- C:\Users\WORK\Desktop\spybot log.zip [2013.06.19 10:32:07 | 000,062,327 | ---- | M] () -- C:\Users\WORK\Desktop\Logfiles.zip [2013.06.19 09:43:05 | 601,075,307 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.19 09:27:54 | 000,003,443 | ---- | M] () -- C:\Users\WORK\Desktop\502 BAD GATEWAY.PNG [2013.06.19 08:16:09 | 000,000,000 | ---- | M] () -- C:\Users\WORK\defogger_reenable [2013.06.19 08:14:01 | 000,449,028 | ---- | M] () -- C:\Users\WORK\Desktop\gmer_2.1.19163.exe [2013.06.19 08:12:02 | 000,673,284 | ---- | M] () -- C:\Users\WORK\Desktop\OTL.exe [2013.06.19 08:11:13 | 000,121,649 | ---- | M] () -- C:\Users\WORK\Desktop\Defogger.exe [2013.06.19 00:21:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.18 23:41:09 | 000,231,342 | ---- | M] () -- C:\Users\WORK\Desktop\infections tot.jpg [2013.06.18 20:08:49 | 000,011,145 | ---- | M] () -- C:\Windows\wininit.ini [2013.06.18 10:17:29 | 000,000,999 | ---- | M] () -- C:\Users\WORK\Desktop\TinyPic.lnk [2013.06.18 10:10:15 | 000,002,481 | ---- | M] () -- C:\Users\WORK\Desktop\Microsoft Office Picture Manager.lnk [2013.06.16 19:36:41 | 000,447,825 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.16 18:51:47 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.15 14:05:32 | 000,002,465 | ---- | M] () -- C:\Users\WORK\Desktop\Microsoft Word Starter 2010.lnk [2013.06.15 14:05:29 | 000,002,467 | ---- | M] () -- C:\Users\WORK\Desktop\Microsoft Excel Starter 2010.lnk [2013.06.14 09:51:37 | 041,806,107 | ---- | M] () -- C:\Users\WORK\Documents\Anhang zum Wochenbericht 02 -KW 24 -2013.odt [2013.06.12 09:46:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 09:46:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.10 20:51:12 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.06.08 12:45:52 | 000,278,406 | ---- | M] () -- C:\Users\WORK\Documents\Wochenbericht 01-KW 23-2013.odt [2013.06.08 12:31:21 | 001,109,521 | ---- | M] () -- C:\Users\WORK\Documents\Unterschrift.jpg [2013.06.06 09:03:37 | 000,001,973 | ---- | M] () -- C:\Users\WORK\Desktop\Skype.lnk [2013.05.24 21:36:37 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2013.05.24 19:56:05 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.24 19:56:05 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.24 19:55:10 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.22 11:17:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.21 15:25:42 | 000,927,776 | ---- | M] (MyHeritage) -- C:\Windows\SysWow64\FTBSaver.scr [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.19 14:50:36 | 000,648,201 | ---- | C] () -- C:\Users\WORK\Desktop\adwcleaner.exe [2013.06.19 14:29:39 | 000,001,284 | ---- | C] () -- C:\Users\WORK\Desktop\Spybot - Search & Destroy.lnk [2013.06.19 14:24:47 | 000,054,118 | ---- | C] () -- C:\Users\WORK\Desktop\TDSSKiller.2.8.16.0_19.06.2013_14.14.01_log.zip [2013.06.19 14:09:31 | 000,037,909 | ---- | C] () -- C:\Users\WORK\Desktop\tdsskiller.PNG [2013.06.19 13:37:20 | 000,000,512 | ---- | C] () -- C:\Users\WORK\Desktop\MBR.dat [2013.06.19 11:58:24 | 000,034,708 | ---- | C] () -- C:\Users\WORK\Desktop\SpyHunter4 Log.zip [2013.06.19 11:18:31 | 000,018,715 | ---- | C] () -- C:\Users\WORK\Desktop\spybot log.zip [2013.06.19 10:32:07 | 000,062,327 | ---- | C] () -- C:\Users\WORK\Desktop\Logfiles.zip [2013.06.19 09:27:53 | 000,003,443 | ---- | C] () -- C:\Users\WORK\Desktop\502 BAD GATEWAY.PNG [2013.06.19 09:27:04 | 000,231,342 | ---- | C] () -- C:\Users\WORK\Desktop\infections tot.jpg [2013.06.19 08:16:09 | 000,000,000 | ---- | C] () -- C:\Users\WORK\defogger_reenable [2013.06.19 08:13:57 | 000,449,028 | ---- | C] () -- C:\Users\WORK\Desktop\gmer_2.1.19163.exe [2013.06.19 08:11:59 | 000,673,284 | ---- | C] () -- C:\Users\WORK\Desktop\OTL.exe [2013.06.19 08:11:10 | 000,121,649 | ---- | C] () -- C:\Users\WORK\Desktop\Defogger.exe [2013.06.18 10:17:29 | 000,000,999 | ---- | C] () -- C:\Users\WORK\Desktop\TinyPic.lnk [2013.06.18 10:10:15 | 000,002,481 | ---- | C] () -- C:\Users\WORK\Desktop\Microsoft Office Picture Manager.lnk [2013.06.16 20:00:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.16 20:00:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.16 20:00:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.16 20:00:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.16 20:00:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.16 18:51:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.15 14:05:32 | 000,002,465 | ---- | C] () -- C:\Users\WORK\Desktop\Microsoft Word Starter 2010.lnk [2013.06.15 14:05:29 | 000,002,467 | ---- | C] () -- C:\Users\WORK\Desktop\Microsoft Excel Starter 2010.lnk [2013.06.14 09:51:23 | 041,806,107 | ---- | C] () -- C:\Users\WORK\Documents\Anhang zum Wochenbericht 02 -KW 24 -2013.odt [2013.06.08 12:31:20 | 001,109,521 | ---- | C] () -- C:\Users\WORK\Documents\Unterschrift.jpg [2013.06.08 12:02:29 | 000,278,406 | ---- | C] () -- C:\Users\WORK\Documents\Wochenbericht 01-KW 23-2013.odt [2013.06.06 10:48:34 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2013.06.06 09:03:37 | 000,001,973 | ---- | C] () -- C:\Users\WORK\Desktop\Skype.lnk [2013.06.05 15:35:56 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.05 15:35:55 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.05 15:31:22 | 000,001,413 | ---- | C] () -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.06.05 15:31:17 | 000,001,447 | ---- | C] () -- C:\Users\WORK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.06.01 10:29:09 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2013.06.01 09:23:49 | 601,075,307 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.05.24 21:36:37 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2013.05.22 15:54:14 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.05.22 11:17:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.03.19 22:30:09 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.21 14:26:08 | 000,000,747 | ---- | C] () -- C:\Windows\CAD-Symbols_Technobox.ini [2013.01.31 11:47:11 | 000,721,397 | ---- | C] () -- C:\Windows\unins000.exe [2013.01.31 11:47:11 | 000,069,075 | ---- | C] () -- C:\Windows\unins000.dat [2013.01.04 22:01:39 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll [2013.01.04 22:01:39 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll [2013.01.04 22:01:39 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll [2013.01.04 22:01:38 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll [2013.01.04 22:01:38 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll [2013.01.04 22:01:37 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll [2013.01.04 20:04:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2012.11.25 13:18:39 | 000,011,145 | ---- | C] () -- C:\Windows\wininit.ini [2012.11.09 19:09:43 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.09 19:09:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.09 19:09:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2012.10.05 21:18:02 | 000,000,040 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.04.20 12:40:15 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.04.20 12:40:03 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.04.20 12:40:01 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.04.20 12:40:01 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
| Themen zu Diverse Maleware, ngnix Probleme, viele Prozesse |
| archive, bild, diverse, einfach, einträge, fehlermeldung, hilfe!, maleware, namen, neu, nichts, probleme, programme, prozess, prozesse, recovery, recovery cd, scan, seite, seiten, spybot, system, system neu, taskmanager, viele prozesse |
Linear-Darstellung
