
Pests of all kinds and how to combat them: Trojan-Downloader.Win32MultiDL.c cannot be removed


12.07.2013, 05:47   #1
Misama
 
Trojan-Downloader.Win32MultiDL.c cannot be removed



Hello everyone,

I hope I can find help here. My son somehow downloaded this Trojan downloader onto our computer. We have Kaspersky Pure on the machine, and it now keeps raising an alert. Deleting it through Pure does not work either; it is shown to me again at every restart.
Kaspersky tells me it is in: C:/Windows/syswow64/macromed/flash/flashplayerupdateservice.exe

I have also already tried to delete the file manually, but I only get the message that I do not have permission to do so. I then got instructions from Google on how to give myself the permission, but the file does not allow that either.
I also tried to delete it with a Trojan Remover, but that does not find it at all.
Now I have come across this forum and hope someone here can help me.

I have downloaded the required programs and am posting their logs here.

defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:49 on 11/07/2013 (Elke)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL logfile:
Code:
OTL logfile created on: 11.07.2013 20:50:09 - Run 1
 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elke\Desktop
 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 4,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,64% Memory free
 8,17 Gb Paging File | 5,86 Gb Available in Paging File | 71,78% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]

 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 244,14 Gb Total Space | 6,21 Gb Free Space | 2,54% Space Free | Partition Type: NTFS
 Drive D: | 454,49 Gb Total Space | 347,40 Gb Free Space | 76,44% Space Free | Partition Type: NTFS
 Drive K: | 3,71 Gb Total Space | 3,52 Gb Free Space | 94,92% Space Free | Partition Type: FAT32

 Computer Name: AFFENKISTE | User Name: Elke | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

 PRC - [2013.07.11 20:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elke\Desktop\OTL.exe
 PRC - [2013.06.28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
 PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 PRC - [2013.01.16 16:49:44 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
 PRC - [2013.01.11 19:10:36 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
 PRC - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
 PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
 PRC - [2010.07.08 11:23:12 | 001,638,400 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD. ) -- C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
 PRC - [2010.07.07 11:50:52 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
 PRC - [2010.06.28 09:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
 PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
 PRC - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
 PRC - [2008.12.03 15:51:30 | 002,181,672 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
 PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

 MOD - [2013.05.20 22:35:15 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
 MOD - [2013.05.20 22:33:06 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
 MOD - [2013.05.20 22:31:09 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
 MOD - [2013.05.20 22:30:29 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
 MOD - [2013.05.20 22:29:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
 MOD - [2013.04.02 18:42:56 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
 MOD - [2013.04.02 13:35:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
 MOD - [2013.04.02 13:35:16 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
 MOD - [2013.04.02 13:27:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
 MOD - [2013.04.02 13:26:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
 MOD - [2013.04.02 13:26:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
 MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 MOD - [2010.10.01 22:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
 MOD - [2010.10.01 22:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
 MOD - [2010.10.01 21:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
 MOD - [2010.07.07 11:50:44 | 000,909,312 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\COMMON\RaWLAPI.dll
 MOD - [2009.10.30 20:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\dblite.dll
 MOD - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
 MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll
 MOD - [1998.10.31 11:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

 SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
 SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
 SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
 SRV - [2013.01.11 19:10:36 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
 SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
 SRV - [2012.09.18 17:22:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
 SRV - [2010.10.01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
 SRV - [2010.07.07 11:50:52 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe -- (RalinkRegistryWriter64)
 SRV - [2010.07.07 11:50:52 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter)
 SRV - [2010.06.28 09:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
 SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
 SRV - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
 SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

 DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
 DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
 DRV:64bit: - [2011.09.15 15:53:11 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
 DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
 DRV:64bit: - [2011.03.05 19:32:26 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avmaudio.sys -- (avmaudio)
 DRV:64bit: - [2010.07.07 11:50:42 | 001,034,080 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
 DRV:64bit: - [2009.12.14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CSCrySec.sys -- (CSCrySec)
 DRV:64bit: - [2009.12.14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
 DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
 DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
 DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
 DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
 DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
 DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
 DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
 DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
 DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
 DRV:64bit: - [2008.02.29 04:17:00 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE)
 DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
 DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
 DRV:64bit: - [2008.02.29 04:16:28 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou)
 DRV:64bit: - [2008.02.29 04:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
 DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
 DRV - [2009.07.16 16:24:13 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\CdaC15BA.SYS -- (CdaC15BA)
 DRV - [2008.12.14 12:05:22 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
 DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
 IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
 IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121631&tt=gc_&babsrc=SP_ss&mntrId=968D001FD08D15BF
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

 FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
 FF - prefs.js..extensions.enabledAddons: ffxtlbr@delta.com:1.5.0
 FF - prefs.js..extensions.enabledAddons: {7053c437-386c-452e-a7fa-96b3557eaed3}:1.1
 FF - prefs.js..browser.startup.homepage: 


 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
 FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
 FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
 FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
 FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
 FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 17:22:57 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2011.09.15 15:54:47 | 000,000,000 | ---D | M]
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.18 17:22:57 | 000,000,000 | ---D | M]
 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 [2011.05.26 11:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elke\AppData\Roaming\mozilla\Extensions
 [2013.07.11 18:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elke\AppData\Roaming\mozilla\Firefox\Profiles\w3ni35zv.default\extensions
 [2013.04.23 19:39:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Elke\AppData\Roaming\mozilla\Firefox\Profiles\w3ni35zv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 [2013.04.23 19:39:09 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Elke\AppData\Roaming\mozilla\firefox\profiles\w3ni35zv.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
 [2013.05.04 00:30:02 | 000,006,506 | ---- | M] () -- C:\Users\Elke\AppData\Roaming\mozilla\firefox\profiles\w3ni35zv.default\searchplugins\babylon.xml
 [2013.07.08 17:39:40 | 000,002,424 | ---- | M] () -- C:\Users\Elke\AppData\Roaming\mozilla\firefox\profiles\w3ni35zv.default\searchplugins\Web Search.xml
 [2012.08.05 20:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 [2012.11.03 01:02:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 [2011.09.15 15:57:34 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
 File not found (No name found) -- C:\USERS\ELKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3NI35ZV.DEFAULT\EXTENSIONS\{7053C437-386C-452E-A7FA-96B3557EAED3}
 File not found (No name found) -- C:\USERS\ELKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3NI35ZV.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 File not found (No name found) -- C:\USERS\ELKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W3NI35ZV.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
 [2012.09.18 17:22:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 [2013.05.04 00:28:26 | 000,006,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 [2012.09.18 17:22:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

 CHR - default_search_provider: Web (Enabled)
 CHR - default_search_provider: search_url = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
 CHR - homepage: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
 CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
 CHR - plugin: Native Client (Enabled) = C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
 CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
 CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
 CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
 CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
 CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
 CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
 CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll
 CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
 CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
 CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
 CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
 CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
 CHR - plugin: Google Update (Enabled) = C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
 CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
 CHR - Extension: DealPly = C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
 CHR - Extension: Skype Click to Call = C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

 O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
 O1 - Hosts: ::1 localhost
 O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
 O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
 O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
 O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\ssv.dll (Sun Microsystems, Inc.)
 O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll (Sun Microsystems, Inc.)
 O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
 O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
 O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
 O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
 O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
 O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
 O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
 O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
 O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
 O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
 O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
 O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
 O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
 O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
 O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
 O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
 O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
 O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
 O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
 O1364bit: - gopher Prefix: missing
 O13 - gopher Prefix: missing
 O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
 O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
 O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
 O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
 O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9693A45B-1965-4F76-B0F6-E961D0CEBCBF}: DhcpNameServer = 192.168.178.1
 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
 O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
 O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
 O24 - Desktop WallPaper: C:\Users\Elke\Pictures\desktop\P1240354.JPG
 O24 - Desktop BackupWallPaper: C:\Users\Elke\Pictures\desktop\P1240354.JPG
 O32 - HKLM CDRom: AutoRun - 1
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35:64bit: - HKLM\..comfile [open] -- "%1" %*
 O35:64bit: - HKLM\..exefile [open] -- "%1" %*
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
 O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

 [2013.07.11 20:44:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elke\Desktop\OTL.exe
 [2013.07.11 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\Elke\Documents\Simply Super Software
 [2013.07.11 20:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
 [2013.07.11 20:27:19 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
 [2013.07.11 20:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
 [2013.07.11 20:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
 [2013.07.09 20:57:43 | 000,000,000 | ---D | C] -- C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
 [2013.07.09 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Elke\AppData\Local\Craften_Dev_Team
 [2013.07.09 20:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
 [2013.07.09 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
 [2013.07.05 17:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
 [2013.07.05 17:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
 [2013.06.17 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Elke\AppData\Roaming\File Scout
 [2013.06.16 16:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
 [2013.06.14 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Elke\Documents\Aktivierung
 [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 [2 C:\Users\Elke\*.tmp files -> C:\Users\Elke\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

 [2013.07.11 20:53:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA.job
 [2013.07.11 20:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core.job
 [2013.07.11 20:48:55 | 001,589,024 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
 [2013.07.11 20:48:55 | 000,681,908 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
 [2013.07.11 20:48:55 | 000,640,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
 [2013.07.11 20:48:55 | 000,149,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
 [2013.07.11 20:48:55 | 000,122,822 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 [2013.07.11 20:47:17 | 000,000,000 | ---- | M] () -- C:\Users\Elke\defogger_reenable
 [2013.07.11 20:45:14 | 000,377,856 | ---- | M] () -- C:\Users\Elke\Desktop\gmer_2.1.19163.exe
 [2013.07.11 20:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elke\Desktop\OTL.exe
 [2013.07.11 20:44:18 | 000,050,477 | ---- | M] () -- C:\Users\Elke\Desktop\Defogger.exe
 [2013.07.11 20:39:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2013.07.11 20:39:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2013.07.11 20:39:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
 [2013.07.11 20:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2013.07.11 20:27:22 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
 [2013.07.11 17:34:46 | 000,002,655 | ---- | M] () -- C:\Users\Elke\Desktop\Microsoft Office Word 2007.lnk
 [2013.07.09 11:52:21 | 000,002,032 | ---- | M] () -- C:\Users\Elke\AppData\Local\d3d9caps.dat
 [2013.07.06 22:03:47 | 000,228,352 | ---- | M] () -- C:\Users\Elke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2013.07.06 11:50:41 | 000,291,342 | ---- | M] () -- C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
 [2013.07.05 17:43:20 | 000,000,931 | ---- | M] () -- C:\Users\Elke\Desktop\Minecraft.exe.lnk
 [2013.06.21 14:41:07 | 000,002,049 | ---- | M] () -- C:\Users\Elke\Desktop\Google Chrome.lnk
 [2013.06.16 19:37:04 | 001,568,094 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 [2013.06.15 20:10:13 | 000,001,100 | ---- | M] () -- C:\Users\Elke\AppData\Local\d3d8caps.dat
 [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 [2 C:\Users\Elke\*.tmp files -> C:\Users\Elke\*.tmp -> ]

========== Files Created - No Company Name ==========

 [2013.07.11 20:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Elke\defogger_reenable
 [2013.07.11 20:45:12 | 000,377,856 | ---- | C] () -- C:\Users\Elke\Desktop\gmer_2.1.19163.exe
 [2013.07.11 20:44:16 | 000,050,477 | ---- | C] () -- C:\Users\Elke\Desktop\Defogger.exe
 [2013.07.11 20:27:22 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
 [2013.07.11 20:27:19 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
 [2013.07.11 20:27:19 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
 [2013.07.11 20:27:19 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
 [2013.07.11 20:27:19 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
 [2013.07.11 20:27:19 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
 [2013.07.06 11:50:40 | 000,291,342 | ---- | C] () -- C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
 [2013.07.05 17:43:20 | 000,000,931 | ---- | C] () -- C:\Users\Elke\Desktop\Minecraft.exe.lnk
 [2013.05.05 11:06:38 | 000,792,192 | ---- | C] () -- C:\Users\Elke\OperaSicherung.adr
 [2013.04.30 14:25:54 | 000,001,100 | ---- | C] () -- C:\Users\Elke\AppData\Local\d3d8caps.dat
 [2013.01.25 16:20:29 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
 [2013.01.11 19:10:44 | 000,282,512 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
 [2013.01.11 19:10:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
 [2011.02.04 10:39:35 | 000,002,032 | ---- | C] () -- C:\Users\Elke\AppData\Local\d3d9caps.dat
 [2010.09.27 07:49:42 | 000,000,092 | ---- | C] () -- C:\Users\Elke\AppData\Local\fusioncache.dat
 [2009.10.21 09:15:42 | 002,588,480 | ---- | C] () -- C:\Users\Elke\historischeDarstellung.pdf
 [2009.01.12 20:27:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 [2008.12.21 22:24:41 | 000,228,352 | ---- | C] () -- C:\Users\Elke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2008.12.13 17:09:47 | 000,607,164 | ---- | C] () -- C:\Program Files (x86)\cpuz_149.zip
 [2008.12.13 14:59:21 | 000,001,460 | ---- | C] () -- C:\Users\Elke\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

 [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment

 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment

 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free

 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free

 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both

 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

 [2013.07.10 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\.minecraft
 [2011.04.29 08:02:33 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Acreon
 [2009.06.12 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Anabel
 [2013.05.04 00:27:42 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Babylon
 [2009.11.05 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\BloodTies
 [2013.01.05 19:17:13 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Carbon
 [2013.02.10 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\DealPly
 [2009.11.05 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\everlight
 [2013.06.17 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\File Scout
 [2012.05.13 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\FileZilla
 [2009.10.14 16:59:25 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Friday's games
 [2010.05.12 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Gogii Games
 [2012.12.11 07:40:33 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Image Zone Express
 [2009.03.09 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Intenium
 [2011.05.25 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\LolClient
 [2011.02.16 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\MastersOfMystery2
 [2009.07.16 15:42:21 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Merscom
 [2013.07.09 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
 [2009.04.08 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\MobMapUpdater
 [2009.07.18 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\OpenOffice.org
 [2011.09.13 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Opera
 [2009.12.09 12:10:14 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Peace Craft
 [2010.12.26 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\PlayFirst
 [2009.09.09 10:58:25 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Playrix Entertainment
 [2009.04.27 11:14:56 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\PoBros
 [2009.08.22 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Printer Info Cache
 [2012.02.29 22:23:49 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\redsn0w
 [2012.10.21 18:18:31 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\RotMG.Production
 [2009.06.15 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\ScreenSeven
 [2010.12.26 23:19:03 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\SpinTop Games
 [2009.07.13 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\TeamViewer
 [2009.01.01 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\TheScruffs
 [2009.05.11 10:16:12 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Total Eclipse
 [2013.07.10 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\TS3Client
 [2010.09.27 07:52:53 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Turbine
 [2011.02.16 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Zylom
 [2009.09.23 13:53:29 | 000,000,000 | ---D | M] -- C:\Users\Elke\AppData\Roaming\Zylom 3 Days Zoo Mystery

========== Purity Check ==========



========== Files - Unicode (All) ==========
 [2013.07.11 17:05:50 | 000,000,000 | ---D | M](C:\ProgramData\?E?E3-40C5-AD09-953C574F14BCÄE?E) -- C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
 [2013.07.11 17:05:50 | 000,000,000 | ---D | M](C:\ProgramData\?E?E3-40C5-AD09-953C574F14BCÄE?E) -- C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
 [2013.07.11 17:05:50 | 000,000,000 | ---D | C](C:\ProgramData\?E?E3-40C5-AD09-953C574F14BCÄE?E) -- C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
 [2013.07.11 16:53:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
 [2013.07.11 16:53:50 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
 [2013.07.11 16:53:50 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
 [2013.07.11 16:44:40 | 000,000,000 | ---D | M](C:\ProgramData\?2?23-40C5-AD09-953C574F14BCÄ2?2) -- C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
 [2013.07.11 16:44:40 | 000,000,000 | ---D | M](C:\ProgramData\?2?23-40C5-AD09-953C574F14BCÄ2?2) -- C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
 [2013.07.11 16:44:40 | 000,000,000 | ---D | C](C:\ProgramData\?2?23-40C5-AD09-953C574F14BCÄ2?2) -- C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
 [2013.07.10 15:26:35 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
 [2013.07.10 15:26:35 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
 [2013.07.10 15:26:35 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
 [2013.07.09 11:50:51 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
 [2013.07.09 11:50:51 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
 [2013.07.09 11:50:51 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
 [2013.07.08 16:58:31 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
 [2013.07.08 16:58:31 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
 [2013.07.08 16:58:31 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
 [2013.07.07 18:34:07 | 000,000,000 | ---D | M](C:\ProgramData\?ê?ê3-40C5-AD09-953C574F14BCÄê?ê) -- C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
 [2013.07.07 18:34:07 | 000,000,000 | ---D | M](C:\ProgramData\?ê?ê3-40C5-AD09-953C574F14BCÄê?ê) -- C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
 [2013.07.07 18:34:07 | 000,000,000 | ---D | C](C:\ProgramData\?ê?ê3-40C5-AD09-953C574F14BCÄê?ê) -- C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
 [2013.07.07 17:27:08 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
 [2013.07.07 17:27:08 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
 [2013.07.07 17:27:08 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
 [2013.07.05 17:36:47 | 000,000,000 | ---D | M](C:\ProgramData\?ˆ?ˆ3-40C5-AD09-953C574F14BCĈ?ˆ) -- C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
 [2013.07.05 17:36:47 | 000,000,000 | ---D | M](C:\ProgramData\?ˆ?ˆ3-40C5-AD09-953C574F14BCĈ?ˆ) -- C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
 [2013.07.05 17:36:47 | 000,000,000 | ---D | C](C:\ProgramData\?ˆ?ˆ3-40C5-AD09-953C574F14BCĈ?ˆ) -- C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
 [2013.06.29 21:06:19 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
 [2013.06.29 21:06:19 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
 [2013.06.29 21:06:19 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
 [2013.06.28 13:35:24 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
 [2013.06.28 13:35:24 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
 [2013.06.28 13:35:24 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
 [2013.06.26 19:14:07 | 000,000,000 | ---D | M](C:\ProgramData\?B?B3-40C5-AD09-953C574F14BCÄB?B) -- C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
 [2013.06.26 19:14:07 | 000,000,000 | ---D | M](C:\ProgramData\?B?B3-40C5-AD09-953C574F14BCÄB?B) -- C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
 [2013.06.26 19:14:07 | 000,000,000 | ---D | C](C:\ProgramData\?B?B3-40C5-AD09-953C574F14BCÄB?B) -- C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
 [2013.06.24 20:06:39 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
 [2013.06.24 20:06:39 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
 [2013.06.24 20:06:39 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
 [2013.06.23 14:10:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
 [2013.06.23 14:10:04 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
 [2013.06.23 14:10:04 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
 [2013.06.22 12:01:11 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
 [2013.06.22 12:01:11 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
 [2013.06.22 12:01:11 | 000,000,000 | ---D | C](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
 [2013.06.16 10:31:30 | 000,000,000 | ---D | M](C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
 [2013.06.16 10:31:30 | 000,000,000 | ---D | M](C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
 [2013.06.16 10:31:30 | 000,000,000 | ---D | C](C:\ProgramData\?_?_3-40C5-AD09-953C574F14BCÄ_?_) -- C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
 [2013.06.14 18:00:21 | 000,000,000 | ---D | M](C:\ProgramData\?!?!3-40C5-AD09-953C574F14BCÄ!?!) -- C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!
 [2013.06.14 18:00:21 | 000,000,000 | ---D | M](C:\ProgramData\?!?!3-40C5-AD09-953C574F14BCÄ!?!) -- C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!
 [2013.06.14 18:00:21 | 000,000,000 | ---D | C](C:\ProgramData\?!?!3-40C5-AD09-953C574F14BCÄ!?!) -- C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!
 [2013.06.11 16:41:39 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʾ䉘ʾ3-40C5-AD09-953C574F14BCÄʾ㭸ʾ
 [2013.06.11 16:41:39 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʾ䉘ʾ3-40C5-AD09-953C574F14BCÄʾ㭸ʾ
 [2013.06.11 15:07:49 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɾ䉘ɾ3-40C5-AD09-953C574F14BCÄɾ㭸ɾ
 [2013.06.11 15:07:49 | 000,000,000 | ---D | M](C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɾ䉘ɾ3-40C5-AD09-953C574F14BCÄɾ㭸ɾ
 [2013.06.07 15:26:11 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʇ䇠ʇcurity Scan
 [2013.06.07 15:26:11 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʇ䇠ʇcurity Scan
 [2013.06.06 14:38:54 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʿ䇠ʿcurity Scan
 [2013.06.06 14:38:54 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʿ䇠ʿcurity Scan
 [2013.06.05 21:33:35 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʵ䇠ʵcurity Scan
 [2013.06.05 21:33:35 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʵ䇠ʵcurity Scan
 [2013.06.05 19:23:25 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʌ䇠ʌcurity Scan
 [2013.06.05 19:23:25 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʌ䇠ʌcurity Scan
 [2013.06.05 08:11:21 | 000,000,000 | ---D | M](C:\ProgramData\?9?9curity Scan) -- C:\ProgramData\㩠9䇠9curity Scan
 [2013.06.05 08:11:21 | 000,000,000 | ---D | M](C:\ProgramData\?9?9curity Scan) -- C:\ProgramData\㩠9䇠9curity Scan
 [2013.06.02 18:48:12 | 000,000,000 | ---D | M](C:\ProgramData\?I?Icurity Scan) -- C:\ProgramData\㩠I䇠Icurity Scan
 [2013.06.02 18:48:12 | 000,000,000 | ---D | M](C:\ProgramData\?I?Icurity Scan) -- C:\ProgramData\㩠I䇠Icurity Scan
 [2013.06.02 15:41:08 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˓䇠˓curity Scan
 [2013.06.02 15:41:08 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˓䇠˓curity Scan
 [2013.05.30 21:06:00 | 000,000,000 | ---D | M](C:\ProgramData\?^?^curity Scan) -- C:\ProgramData\㩠˄䇠˄curity Scan
 [2013.05.30 21:06:00 | 000,000,000 | ---D | M](C:\ProgramData\?^?^curity Scan) -- C:\ProgramData\㩠˄䇠˄curity Scan
 [2013.05.29 17:19:14 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʾ䇠ʾcurity Scan
 [2013.05.29 17:19:14 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʾ䇠ʾcurity Scan
 [2013.05.27 16:17:25 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʳ䇠ʳcurity Scan
 [2013.05.27 16:17:25 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʳ䇠ʳcurity Scan
 [2013.05.26 16:35:15 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʉ䇠ʉcurity Scan
 [2013.05.26 16:35:15 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʉ䇠ʉcurity Scan
 [2013.05.25 19:09:31 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʫ䇠ʫcurity Scan
 [2013.05.25 19:09:31 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʫ䇠ʫcurity Scan
 [2013.05.21 12:09:20 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʭ䇠ʭcurity Scan
 [2013.05.21 12:09:20 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʭ䇠ʭcurity Scan
 [2013.05.18 13:49:55 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˟䇠˟curity Scan
 [2013.05.18 13:49:55 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˟䇠˟curity Scan
 [2013.05.17 19:05:42 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˅䇠˅curity Scan
 [2013.05.17 19:05:42 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˅䇠˅curity Scan
 [2013.05.16 20:06:10 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˃䇠˃curity Scan
 [2013.05.16 20:06:10 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˃䇠˃curity Scan
 [2013.05.15 19:32:35 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʸ䇠ʸcurity Scan
 [2013.05.15 19:32:35 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʸ䇠ʸcurity Scan
 [2013.05.13 08:13:56 | 000,000,000 | ---D | M](C:\ProgramData\? ? curity Scan) -- C:\ProgramData\㩠 䇠 curity Scan
 [2013.05.13 08:13:56 | 000,000,000 | ---D | M](C:\ProgramData\? ? curity Scan) -- C:\ProgramData\㩠 䇠 curity Scan
 [2013.05.12 08:06:48 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʏ䇠ʏcurity Scan
 [2013.05.12 08:06:48 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʏ䇠ʏcurity Scan
 [2013.05.11 20:08:58 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ˀ䇠ˀcurity Scan
 [2013.05.11 20:08:58 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ˀ䇠ˀcurity Scan
 [2013.05.10 17:21:15 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʱ䇠ʱcurity Scan
 [2013.05.10 17:21:15 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʱ䇠ʱcurity Scan
 [2013.05.09 18:50:19 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˛䇠˛curity Scan
 [2013.05.09 18:50:19 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˛䇠˛curity Scan
 [2013.05.08 16:50:19 | 000,000,000 | ---D | M](C:\ProgramData\?Q?Qcurity Scan) -- C:\ProgramData\㩠Q䇠Qcurity Scan
 [2013.05.08 16:50:19 | 000,000,000 | ---D | M](C:\ProgramData\?Q?Qcurity Scan) -- C:\ProgramData\㩠Q䇠Qcurity Scan
 [2013.05.05 11:31:05 | 000,000,000 | ---D | M](C:\ProgramData\?í?ícurity Scan) -- C:\ProgramData\㩠í䇠ícurity Scan
 [2013.05.05 11:31:05 | 000,000,000 | ---D | M](C:\ProgramData\?í?ícurity Scan) -- C:\ProgramData\㩠í䇠ícurity Scan
 [2013.05.05 11:11:27 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʍ䇠ʍcurity Scan
 [2013.05.05 11:11:27 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʍ䇠ʍcurity Scan
 [2013.05.05 10:28:20 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʻ䇠ʻcurity Scan
 [2013.05.05 10:28:20 | 000,000,000 | ---D | M](C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʻ䇠ʻcurity Scan
 (C:\ProgramData\?Q?Qcurity Scan) -- C:\ProgramData\㩠Q䇠Qcurity Scan
 (C:\ProgramData\?í?ícurity Scan) -- C:\ProgramData\㩠í䇠ícurity Scan
 (C:\ProgramData\?I?Icurity Scan) -- C:\ProgramData\㩠I䇠Icurity Scan
 (C:\ProgramData\?9?9curity Scan) -- C:\ProgramData\㩠9䇠9curity Scan
 (C:\ProgramData\?^?^curity Scan) -- C:\ProgramData\㩠˄䇠˄curity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˓䇠˓curity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˅䇠˅curity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˃䇠˃curity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʿ䇠ʿcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʾ䇠ʾcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʻ䇠ʻcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ˀ䇠ˀcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˟䇠˟curity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʭ䇠ʭcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʸ䇠ʸcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʏ䇠ʏcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʍ䇠ʍcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʌ䇠ʌcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʉ䇠ʉcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʇ䇠ʇcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʵ䇠ʵcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʳ䇠ʳcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʫ䇠ʫcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠ʱ䇠ʱcurity Scan
 (C:\ProgramData\????curity Scan) -- C:\ProgramData\㩠˛䇠˛curity Scan
 (C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ʾ䉘ʾ3-40C5-AD09-953C574F14BCÄʾ㭸ʾ
 (C:\ProgramData\????3-40C5-AD09-953C574F14BCÄ???) -- C:\ProgramData\䖸ɾ䉘ɾ3-40C5-AD09-953C574F14BCÄɾ㭸ɾ
 (C:\ProgramData\? ? curity Scan) -- C:\ProgramData\㩠 䇠 curity Scan

 < End of report >
         
--- --- ---

Extras from OTL:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.07.2013 20:50:09 - Run 1
 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elke\Desktop
 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 4,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,64% Memory free
 8,17 Gb Paging File | 5,86 Gb Available in Paging File | 71,78% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]

 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 244,14 Gb Total Space | 6,21 Gb Free Space | 2,54% Space Free | Partition Type: NTFS
 Drive D: | 454,49 Gb Total Space | 347,40 Gb Free Space | 76,44% Space Free | Partition Type: NTFS
 Drive K: | 3,71 Gb Total Space | 3,52 Gb Free Space | 94,92% Space Free | Partition Type: FAT32

 Computer Name: AFFENKISTE | User Name: Elke | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
 https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
 InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- "C:\Users\Elke\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
 Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
 https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- "C:\Users\Elke\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
 Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
 "VistaSp2" = AF D1 BA 48 20 74 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 "DisableMonitoring" = 1

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 "oobe_av" = 1

========== Firewall Settings ==========

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" = 0
 "DisableNotifications" = 0

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "EnableFirewall" = 0
 "DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{BDB9632B-8B84-4885-BABA-44D55E227851}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

========== Vista Active Application Exception List ==========

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{0D645CBD-10C4-4306-90A5-AE7285494219}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
 "{10C3848C-61A9-4C2C-A55E-E8A547807F3B}" = protocol=6 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
 "{15C281D6-E242-49B3-B4ED-5BB7641747B5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 "{1BA84DD3-37DA-4016-A204-CF7AF65D7661}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\terraria\terraria.exe | 
 "{230D9E6D-1336-460E-A4EB-8D1EE7E25EDA}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\age2hd\launcher.exe | 
 "{25FF3E24-49C7-402B-B0FD-7FD6DA18FC55}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
 "{2EA729C5-1D2E-4873-AECA-67FDA27227FA}" = protocol=17 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
 "{36D0BC0E-E1F1-44DA-96BE-58A3572D1C41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
 "{3A135CAF-5FA0-48FD-88A1-2943B6DDF9D4}" = protocol=6 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
 "{4710CC28-7424-419F-AC93-FEA6E15FBC44}" = protocol=17 | dir=in | app=c:\users\elke\appdata\local\google\google talk plugin\googletalkplugin.exe | 
 "{49073988-A476-4493-8F75-6F45CF72505A}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\ninodelvani\garrysmod\hl2.exe | 
 "{4AD925BB-1BF4-4B88-8D5E-339A7A4487A9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
 "{581388BE-6DD1-48AD-94CC-5D08B9EF05AC}" = protocol=6 | dir=in | app=c:\users\elke\appdata\local\google\google talk plugin\googletalkplugin.exe | 
 "{5B8FA554-CBE4-4501-8343-77D629D19690}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 "{675CDABC-B494-46EF-98ED-2AB53B8067C4}" = protocol=6 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
 "{70165C22-7362-4380-A001-0E2775F9D191}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
 "{8B853787-C28C-469C-9E9E-D01A7499CBAC}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\ninodelvani\garrysmod\hl2.exe | 
 "{9100FCFD-9931-40C3-8B3B-43DDF18D8BA1}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\aceofspades\aos.exe | 
 "{970AF63D-B5DA-4D6E-8B29-5125D71BA5D8}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\realm of the mad god\realm of the mad god.exe | 
 "{A06C3616-3A1C-4872-A712-D4DB6ED0597C}" = protocol=17 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | 
 "{A11A8CA4-A629-4007-BD03-5A12A80BCEC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 "{B87279AE-EEAE-455E-9740-D1F8E0063F1E}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\realm of the mad god\realm of the mad god.exe | 
 "{B99A0B24-F0FA-45C7-A944-F0D336FCE0D0}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
 "{BAA6BDB0-6A93-43D2-A4F8-F63D27BCEC47}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\terraria\terraria.exe | 
 "{C39F959C-BE01-48CF-8DD6-13DBCE169A18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
 "{C61A7167-3F11-4BEA-8533-0586FEEE55E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
 "{D9010EC4-2405-4935-B382-AA7D234900AB}" = protocol=17 | dir=in | app=d:\skyrim\steamapps\common\aceofspades\aos.exe | 
 "{DCAE2F1F-8FB4-4552-B517-D82EE60EB87A}" = protocol=17 | dir=in | app=c:\users\elke\appdata\local\apps\2.0\bzajmqrm.4ko\5hk34l7e.4ne\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
 "{E1F6D16C-3E01-424E-B447-6631EF1EFA9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
 "{EED6D93C-4832-4EC0-A3E2-AD93209FB18C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
 "{F4EB4299-2670-4198-B7A3-5B744B124783}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
 "{F8C056AB-0166-4B79-BE6C-96B1FFE58D6E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
 "{FBAFFC2D-92FA-43C7-A201-6CE600FBC637}" = protocol=6 | dir=in | app=d:\skyrim\steamapps\common\age2hd\launcher.exe | 
 "TCP Query User{49B7A0C9-9572-49FA-A261-A087EBC6A8EB}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 "TCP Query User{578E5B87-B80B-44CE-BAA3-2F788D5E84BD}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 "TCP Query User{98AB2B2A-79B0-48AC-9BB7-39022B8EB4B6}C:\program files (x86)\java\jre1.6.0_13\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_13\bin\javaw.exe | 
 "UDP Query User{6CA390F6-512E-4F5C-90C5-3775EBF24D94}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 "UDP Query User{9C1EC777-FFBC-4804-91B7-0E8B03823E44}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 "UDP Query User{B2833FD2-0834-42DA-B969-88F61918D4F5}C:\program files (x86)\java\jre1.6.0_13\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_13\bin\javaw.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
 "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
 "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
 "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
 "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
 "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
 "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
 "Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
 "HPExtendedCapabilities" = HP Customer Participation Program 8.0
 "HPOCR" = HP OCR Software 8.0
 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 "TeamSpeak 3 Client" = TeamSpeak 3 Client

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
 "{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
 "{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
 "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
 "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
 "{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
 "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
 "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
 "{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
 "{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
 "{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
 "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
 "{6FFEF5E1-F7B0-40DD-838D-557BD7EE4301}" = TP-LINK Drahtlos Tool
 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
 "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
 "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
 "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
 "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
 "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
 "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
 "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
 "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
 "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
 "0408a92bd64830bbba0477bd54a12436" = Deep Blue Sea 2 - The Amulet of Light
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
 "Adobe SVG Viewer" = Adobe SVG Viewer
 "Atlantica – Wunder der Tiefe (VOLLVERSION)" = Atlantica – Wunder der Tiefe (VOLLVERSION)
 "Audacity_is1" = Audacity 1.2.6
 "Chuzzle Deluxe" = Chuzzle Deluxe
 "Deponia" = Deponia
 "Die Mode-Designerin" = Die Mode-Designerin
 "Digital Editions" = Adobe Digital Editions
 "dm-Fotowelt" = dm-Fotowelt
 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
 "Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
 "EXPERTool_is1" = EXPERTool 7.0
 "Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
 "Hühner-Attacke Deluxe" = Hühner-Attacke Deluxe
 "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
 "JadeRousseauS01E01" = JadeRousseauS01E01
 "LogMeIn Hamachi" = LogMeIn Hamachi
 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 "MozillaMaintenanceService" = Mozilla Maintenance Service
 "OpenAL" = OpenAL
 "Opera 12.15.1748" = Opera 12.15
 "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.5.0
 "PROPLUS" = Microsoft Office Professional Plus 2007
 "Punch'n'Crunch" = Punch'n'Crunch 1.0
 "PunkBusterSvc" = PunkBuster Services
 "Steam App 105600" = Terraria
 "Steam App 200170" = Worms Revolution
 "Steam App 200210" = Realm of the Mad God
 "Steam App 206500" = AirMech
 "Steam App 221380" = Age of Empires II: HD Edition
 "Steam App 224540" = Ace of Spades
 "Steam App 4000" = Garry's Mod
 "Steam App 65800" = Dungeon Defenders
 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
 "TeamSpeak 3 Client" = TeamSpeak 3 Client
 "TeamViewer 4" = TeamViewer 4
 "TeamViewer 5" = TeamViewer 5
 "Trojan Remover_is1" = Trojan Remover 6.8.7
 "VLC media player" = VLC media player 0.9.8a
 "WinRAR archiver" = WinRAR 4.20 (32-Bit)
 "World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Babel Deluxe" = Babel Deluxe
 "Blood Ties Deluxe" = Blood Ties Deluxe
 "Book of Legends Deluxe" = Book of Legends Deluxe
 "Cradle of Persia Deluxe" = Cradle of Persia Deluxe
 "Dream Sleuth Deluxe" = Dream Sleuth Deluxe
 "f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
 "FileZilla Client" = FileZilla Client 3.5.3
 "G.H.O.S.T. Hunters Deluxe" = G.H.O.S.T. Hunters Deluxe
 "Gold Rush - Treasure Hunt Deluxe" = Gold Rush - Treasure Hunt Deluxe
 "Gold Rush Deluxe" = Gold Rush Deluxe
 "Google Chrome" = Google Chrome
 "Jewel Quest Heritage Deluxe" = Jewel Quest Heritage Deluxe
 "Kuros Deluxe" = Kuros Deluxe
 "Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
 "Masters of Mystery Deluxe" = Masters of Mystery Deluxe
 "Mushroom Age Deluxe" = Mushroom Age Deluxe
 "Mystery P.I. - Stolen in San Francisco Deluxe" = Mystery P.I. - Stolen in San Francisco Deluxe
 "Proxy Me!" = Proxy Me!
 "Puzzle Hero Deluxe" = Puzzle Hero Deluxe
 "Saqqarah" = Saqqarah
 "Super Collapse! Puzzle Gallery 4" = Super Collapse! Puzzle Gallery 4
 "The Enchanted Kingdom - Elisa's Adventure Deluxe" = The Enchanted Kingdom - Elisa's Adventure Deluxe
 "The Hidden Object Show Deluxe" = The Hidden Object Show Deluxe
 "The legend of El Dorado Deluxe" = The legend of El Dorado Deluxe

========== Last 20 Event Log Errors ==========

 [ Application Events ]
 Error - 11.07.2013 11:18:05 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 11:27:13 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 11:42:46 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 11:53:01 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 13:09:42 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 13:20:43 | Computer Name = Affenkiste | Source = Windows Search Service | ID = 3013
 Description = 

 Error - 11.07.2013 13:20:56 | Computer Name = Affenkiste | Source = Windows Search Service | ID = 3013
 Description = 

 Error - 11.07.2013 13:25:35 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 14:02:38 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 Error - 11.07.2013 14:40:14 | Computer Name = Affenkiste | Source = WinMgmt | ID = 10
 Description = 

 [ OSession Events ]
 Error - 24.08.2009 17:34:43 | Computer Name = Affenkiste | Source = Microsoft Office 12 Sessions | ID = 7001
 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88
 seconds with 60 seconds of active time. This session ended with a crash.

 [ System Events ]
 Error - 11.07.2013 14:02:38 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 14:02:38 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 14:05:53 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7038
 Description = 

 Error - 11.07.2013 14:05:53 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 14:39:33 | Computer Name = Affenkiste | Source = Application Popup | ID = 1060
 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\CdaC15BA.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.

 Error - 11.07.2013 14:40:14 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 14:40:14 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 14:43:49 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7038
 Description = 

 Error - 11.07.2013 14:43:49 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 

 Error - 11.07.2013 15:00:08 | Computer Name = Affenkiste | Source = Service Control Manager | ID = 7000
 Description = 


 < End of report >
         
--- --- ---

Unfortunately I cannot paste the GMER report: I started the scan yesterday evening and, because it was taking so long, let it run on overnight. Now, however, the computer is still working but the screen no longer wakes up from standby. It tells me "No Signal, going to sleep".
Should I restart the computer? You can tell from the little light that it is working.

Many thanks for your effort
Elke

Edited by Misama (12.07.2013 at 05:52)

12.07.2013, 06:06   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

12.07.2013, 06:09   #3
Misama

Thanks for the quick reply.
May I restart the computer?
Or would I be interrupting something?

Best regards
Elke

12.07.2013, 08:41   #4
schrauber
/// the machine
/// TB-Ausbilder

Not during the FRST scan

Regards,
schrauber

12.07.2013, 21:02   #5
Misama

Many thanks for the prompt replies; here are the two files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by Elke (administrator) on 12-07-2013 20:06:43
Running from C:\Users\Elke\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(TP-LINK TECHNOLOGIES CO., LTD. ) C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(AVM Berlin) C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Run: [Launch LgDeviceAgent] - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
HKCU\...\Run: [GAINWARD] - C:\Program Files (x86)\EXPERTool\TBPanel.exe /A [2181672 2008-12-03] (Gainward Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AVMUSBFernanschluss] - "C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [139264 2013-01-16] (AVM Berlin)
HKCU\...\Run: [Google Update] - "C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-12] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [TrojanScanner] - "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot [1653008 2013-06-17] (Simply Super Software)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [15448 2010-10-01] (Kaspersky Lab)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TP-LINK Drahtlos Tool.lnk
ShortcutTarget: TP-LINK Drahtlos Tool.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD. )
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
HKLM-x32 SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121631&tt=gc_&babsrc=SP_ss&mntrId=968D001FD08D15BF
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default
FF user.js: detected! => C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: DownloadHelper - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Update) - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

==================== Services (Whitelisted) =================

S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [163328 2013-05-28] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-11] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [185632 2010-07-07] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [212256 2010-07-07] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-03-05] (AVM Berlin)
R3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S2 CdaC15BA; C:\Windows\SysWow64\drivers\CdaC15BA.SYS [12464 2009-07-16] (Macrovision Europe Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2011-09-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S2 CdaC15BA; \??\C:\Windows\system32\drivers\CdaC15BA.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 TBPanel; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 20:05 - 2013-07-12 07:15 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:27 - 2013-07-11 20:27 - 00000990 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Users\Elke\Documents\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-07-11 20:27 - 2012-06-15 16:39 - 00169744 _____ C:\Windows\SysWOW64\ztvunrar36.dll
2013-07-11 20:27 - 2012-06-15 16:35 - 00185616 _____ C:\Windows\SysWOW64\ztvunrar39.dll
2013-07-11 20:27 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\Windows\SysWOW64\ztv7z.dll
2013-07-11 20:27 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztvcabinet.dll
2013-07-11 20:27 - 2005-08-26 01:50 - 00077312 _____ C:\Windows\SysWOW64\ztvunace26.dll
2013-07-11 20:27 - 2003-02-02 20:06 - 00153088 _____ C:\Windows\SysWOW64\UNRAR3.dll
2013-07-11 20:27 - 2002-03-06 01:00 - 00075264 _____ C:\Windows\SysWOW64\unacev2.dll
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 20:57 - 2013-07-09 21:05 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:14 - 2013-05-28 15:05 - 00163328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-17 20:13 - 2013-06-17 20:13 - 00000000 ____D C:\Users\Elke\AppData\Roaming\File Scout
2013-06-16 19:17 - 2013-05-17 05:09 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-16 19:17 - 2013-05-17 05:01 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 05:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-16 19:17 - 2013-05-17 04:58 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 04:55 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-16 19:17 - 2013-05-17 04:54 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 04:53 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-16 19:17 - 2013-05-17 04:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 04:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 04:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-16 19:17 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 19:17 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 19:17 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-16 19:17 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-16 19:17 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 19:16 - 2013-05-17 06:05 - 17824768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-16 19:16 - 2013-05-17 05:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-16 19:16 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 16:42 - 2013-06-16 16:48 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
2013-06-14 18:37 - 2013-06-14 18:37 - 00000000 ____D C:\Users\Elke\Documents\Aktivierung
2013-06-14 18:00 - 2013-06-14 18:00 - 00000000 ____D C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!
2013-06-12 19:34 - 2013-04-24 06:09 - 01269248 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 19:34 - 2013-04-24 06:09 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 19:34 - 2013-04-24 06:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 19:34 - 2013-04-24 06:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 19:34 - 2013-04-24 06:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:34 - 2013-04-24 06:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:34 - 2013-04-24 06:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:34 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:34 - 2013-04-24 04:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 19:34 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:33 - 2013-05-08 06:50 - 01423720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 19:33 - 2013-05-02 06:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 19:33 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:33 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2013-06-12 19:33 - 2013-04-17 15:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 19:33 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

==================== One Month Modified Files and Folders =======

2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 20:00 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 20:00 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 19:55 - 2011-09-12 14:54 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA.job
2013-07-12 19:27 - 2012-09-08 20:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 18:45 - 2011-03-05 19:33 - 00185721 _____ C:\Windows\avmacc.log
2013-07-12 18:45 - 2008-01-21 03:53 - 01638110 _____ C:\Windows\WindowsUpdate.log
2013-07-12 18:44 - 2012-09-15 14:07 - 00000000 ____D C:\Users\Elke\AppData\Local\LogMeIn Hamachi
2013-07-12 18:44 - 2010-09-27 07:47 - 01619370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-12 18:44 - 2008-12-13 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-12 18:44 - 2008-01-21 13:09 - 00685456 _____ C:\Windows\system32\perfh007.dat
2013-07-12 18:44 - 2008-01-21 13:09 - 00150420 _____ C:\Windows\system32\perfc007.dat
2013-07-12 18:40 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-12 07:15 - 2013-07-12 20:05 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:07 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:53 - 2011-09-12 14:54 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core.job
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:48 - 2008-01-21 13:10 - 01589024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:47 - 2008-12-13 14:59 - 00000000 ____D C:\Users\Elke
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:39 - 2008-01-21 05:26 - 00114466 _____ C:\Windows\PFRO.log
2013-07-11 20:27 - 2013-07-11 20:27 - 00000990 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Users\Elke\Documents\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 18:51 - 2012-07-16 19:37 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-11 18:12 - 2008-12-20 21:58 - 00000000 ____D C:\Program Files (x86)\MobMapUpdater
2013-07-11 17:59 - 2009-08-26 11:06 - 00000000 ____D C:\Users\Elke\Desktop\Spiele
2013-07-11 17:56 - 2009-06-24 13:46 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Mozilla
2013-07-11 17:34 - 2012-02-08 11:03 - 00002655 _____ C:\Users\Elke\Desktop\Microsoft Office Word 2007.lnk
2013-07-11 17:06 - 2013-01-26 22:03 - 00000000 ____D C:\Users\Elke\Desktop\Mama
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-11 16:23 - 2008-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-10 21:08 - 2010-05-21 16:07 - 00000000 ____D C:\Users\Elke\AppData\Roaming\TS3Client
2013-07-10 20:53 - 2010-07-31 22:19 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Skype
2013-07-10 20:48 - 2011-09-12 14:54 - 00003998 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA
2013-07-10 20:48 - 2011-09-12 14:54 - 00003602 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core
2013-07-10 16:28 - 2011-07-17 13:16 - 00000000 ____D C:\Users\Elke\AppData\Roaming\.minecraft
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 21:05 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:52 - 2011-02-04 10:39 - 00002032 _____ C:\Users\Elke\AppData\Local\d3d9caps.dat
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 22:03 - 2008-12-21 22:24 - 00228352 _____ C:\Users\Elke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-21 14:41 - 2011-09-13 17:41 - 00002049 _____ C:\Users\Elke\Desktop\Google Chrome.lnk
2013-06-20 15:00 - 2012-12-16 18:14 - 00000000 ____D C:\Users\Elke\Documents\Nicolas Word
2013-06-17 20:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:13 - 2013-06-17 20:13 - 00000000 ____D C:\Users\Elke\AppData\Roaming\File Scout
2013-06-17 20:12 - 2012-10-21 18:17 - 00000000 ____D C:\Users\Elke\Desktop\Steam
2013-06-16 19:57 - 2008-12-13 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-16 19:38 - 2006-11-02 14:35 - 75825640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-16 16:55 - 2009-03-09 20:51 - 00323566 _____ C:\Windows\DirectX.log
2013-06-16 16:48 - 2013-06-16 16:42 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
2013-06-15 20:10 - 2013-04-30 14:25 - 00001100 _____ C:\Users\Elke\AppData\Local\d3d8caps.dat
2013-06-14 18:41 - 2010-10-30 23:51 - 00000000 ____D C:\Users\Elke\Documents\VanessaWord
2013-06-14 18:37 - 2013-06-14 18:37 - 00000000 ____D C:\Users\Elke\Documents\Aktivierung
2013-06-14 18:29 - 2012-09-08 20:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-14 18:29 - 2011-06-02 10:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 18:00 - 2013-06-14 18:00 - 00000000 ____D C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!
2013-06-13 20:43 - 2010-07-31 22:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-13 20:43 - 2009-01-12 20:24 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-12 18:48

==================== End Of Log ============================
         


And here is the Addition:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013 01
Ran by Elke at 2013-07-12 20:09:42
Running from C:\Users\Elke\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Update for Microsoft Office 2007 (KB2508958) (x32)
1310 (x32 Version: 82.0.242.000)
1310_Help (x32 Version: 82.0.58.000)
1310Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Ace of Spades (x32)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop 6.0 (x32 Version: 6.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe SVG Viewer (x32 Version: 1.0)
Age of Empires II: HD Edition (x32)
AIO_CDB_ProductContext (x32 Version: 82.0.242.000)
AIO_CDB_Software (x32 Version: 82.0.242.000)
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
AIO_Scan (x32 Version: 82.0.173.000)
AirMech (x32)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
Atlantica – Wunder der Tiefe (VOLLVERSION) (x32)
Audacity 1.2.6 (x32)
Babel Deluxe (HKCU Version: 1.0.1)
be Flash Player 10 Plugin 64-bit (Version: 10.2.161.23)
Blood Ties Deluxe (HKCU Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Book of Legends Deluxe (HKCU Version: 1.0.0)
BufferChm (x32 Version: 82.0.173.000)
CDDRV_Installer (Version: 4.60)
Chuzzle Deluxe (x32 Version: 1.0.1)
ConvertHelper 2.2 (x32)
Copy (x32 Version: 82.0.188.000)
Cradle of Persia Deluxe (HKCU Version: 1.0.0)
Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268)
CustomerResearchQFolder (x32 Version: 1.00.0000)
Deep Blue Sea 2 - The Amulet of Light (x32)
Deponia (x32 Version: 1.0)
Destinations (x32 Version: 82.0.173.000)
DEUTSCHLAND SPIELT GAME CENTER (x32)
DeviceManagementQFolder (x32 Version: 1.00.0000)
Die Mode-Designerin (x32)
dm-Fotowelt (x32)
DocProc (x32 Version: 8.1.0.0)
DocProcQFolder (x32 Version: 1.00.0000)
Dream Sleuth Deluxe (HKCU Version: 1.0.0)
Dungeon Defenders (x32)
Easy CD and DVD Cover Creator 4.13 (x32 Version: 4.13)
eSupportQFolder (x32 Version: 1.00.0000)
EXPERTool 7.0 (x32)
Fax (x32 Version: 82.0.188.000)
Feeding Frenzy Deluxe (x32 Version: 1.0.0)
FileZilla Client 3.5.3 (HKCU Version: 3.5.3)
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2)
G.H.O.S.T. Hunters Deluxe (HKCU Version: 1.0.0)
Garry's Mod (x32)
Gold Rush - Treasure Hunt Deluxe (HKCU Version: 1.0.0)
Gold Rush Deluxe (HKCU Version: 1.1.0)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Talk Plugin (x32 Version: 4.2.1.14031)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (x32 Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
HP Update (x32 Version: 4.000.005.006)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 82.0.173.000)
HPSSupply (x32 Version: 2.1.3.0000)
Hühner-Attacke Deluxe (x32)
iTunes (Version: 10.5.3.3)
JadeRousseauS01E01 (x32)
Java(TM) 6 Update 13 (x32 Version: 6.0.130)
Jewel Quest Heritage Deluxe (HKCU Version: 1.0.0)
Kaspersky PURE (x32 Version: 9.1.0.124)
KhalInstallWrapper (Version: 4.60.122)
Kuros Deluxe (HKCU Version: 1.0.0)
Little Shop of Treasures Deluxe (HKCU Version: 1.0.0)
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
Logitech SetPoint (x32 Version: 4.60)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
MarketResearch (x32 Version: 82.0.174.000)
Masters of Mystery Deluxe (HKCU Version: 1.0.0)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2742597) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mushroom Age Deluxe (HKCU Version: 1.0.0)
Mystery P.I. - Stolen in San Francisco Deluxe (HKCU Version: 1.0.0)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenAL (x32)
OpenOffice.org 3.1 (x32 Version: 3.1.9399)
Opera 12.15 (x32 Version: 12.15.1748)
oZone3D.Net FurMark v1.5.0 (x32)
Pando Media Booster (x32 Version: 2.6.0.1)
PDFCreator (x32 Version: 0.9.6)
Proxy Me! (HKCU)
Punch'n'Crunch 1.0 (x32 Version: 1.0)
PunkBuster Services (x32 Version: 0.993)
Puzzle Hero Deluxe (HKCU Version: 1.0.0)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.71.80.42)
Realm of the Mad God (x32)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5618)
Saqqarah (HKCU Version: 1.0.0)
Scan (x32 Version: 8.1.0.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.5 (x32 Version: 6.5.158)
SolutionCenter (x32 Version: 82.0.188.000)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Status (x32 Version: 82.0.173.000)
Steam (x32 Version: 1.0.0.0)
Super Collapse! Puzzle Gallery 4 (HKCU Version: 1.0.0)
TeamSpeak 2 RC2 (x32 Version: 2.0.32.60)
TeamSpeak 3 Client
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
TeamViewer 4 (x32)
TeamViewer 5 (x32 Version: 5.0 8625 )
Terraria (x32)
The Enchanted Kingdom - Elisa's Adventure Deluxe (HKCU Version: 1.0.0)
The Hidden Object Show Deluxe (HKCU Version: 1.0.0)
The legend of El Dorado Deluxe (HKCU Version: 1.0.0)
Toolbox (x32 Version: 82.0.173.000)
TP-LINK Drahtlos Tool (x32 Version: 1.5.6.0)
TrayApp (x32 Version: 82.0.188.000)
Trojan Remover 6.8.7 (x32 Version: 6.8.7)
UnloadSupport (x32 Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 0.9.8a (x32 Version: 0.9.8a)
WebReg (x32 Version: 82.0.173.000)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
World of Warcraft (x32 Version: 5.2.0.16826)
Worms Revolution (x32)

==================== Restore Points  =========================

06-06-2013 14:19:02 Geplanter Prüfpunkt
08-06-2013 14:29:08 Geplanter Prüfpunkt
09-06-2013 16:47:55 Geplanter Prüfpunkt
09-06-2013 17:02:53 Windows-Sicherung
09-06-2013 17:41:15 Windows Update
16-06-2013 14:40:45 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
16-06-2013 14:42:54 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
16-06-2013 14:49:18 DirectX wurde installiert
16-06-2013 17:00:12 Windows-Sicherung
16-06-2013 17:08:47 Windows Update
23-06-2013 00:20:34 Geplanter Prüfpunkt
23-06-2013 17:00:50 Windows-Sicherung
30-06-2013 17:28:50 Windows-Sicherung
07-07-2013 17:00:53 Windows-Sicherung
11-07-2013 16:01:19 Removed Cisco EAP-FAST Module
11-07-2013 16:14:43 Removed Snap.Do
11-07-2013 16:24:24 Removed Snap.Do
11-07-2013 16:27:54 Removed Snap.Do
11-07-2013 16:34:17 Removed Snap.Do
11-07-2013 16:40:43 Removed Snap.Do
11-07-2013 16:45:38 Removed Cisco EAP-FAST Module
11-07-2013 16:46:49 Removed Cisco LEAP Module
11-07-2013 16:48:08 Removed Cisco PEAP Module
12-07-2013 17:39:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04C084E7-1E9A-4A66-8B75-8DFFFD1B9971} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2001244A-CA85-4639-858A-EB4DE35BB5BC} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {349E572E-E628-4FC2-959E-6AADE57DB3C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA => C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)
Task: {476727BE-5235-47FD-86F3-8A76BF7B3076} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {66DCEE02-C125-4C59-95CE-26A60F02E2ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {677221CA-41AC-41A1-AC71-BE0E0BB3C089} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7F29C8B8-3862-40B1-83FF-2299BD8327D7} - System32\Tasks\{50F2A93E-A3BE-4954-8401-2E0DA9122432} => C:\users\elke\appdata\local\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.)
Task: {9AAA061C-EB37-4FC2-ACE3-1F93B9C0623E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {A20BE403-1C14-4169-A529-C474C37C00A9} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {A3E64DD8-9B07-471B-961D-32F9D830E743} - System32\Tasks\{08A49293-3EBB-48FD-BD94-F314E063482A} => C:\program files (x86)\opera\opera.exe [2013-05-05] (Opera Software)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {AAAD07BB-BBB6-47AB-A81C-114F2C78F429} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {C850AA8F-478C-415E-9CDF-75BE45BA5640} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core => C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)
Task: {CF781DC3-E887-494C-A73B-528D1ED6E362} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EA1F58CC-8E65-4C00-9D09-C9A9C6255923} - \Adobe Flash Player Updater No Task File
Task: {FCCACE4C-B737-488D-B9CF-B2DAFD14C8EC} - System32\Tasks\{C1FFA9AE-F7D9-42ED-88A0-FB9E1AF9512C} => C:\users\elke\appdata\local\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.)
Task: {FF391A78-3F6D-430C-A88E-12EE857FF994} - System32\Tasks\{F1CF7033-C1E7-4E62-8510-0536101F9B99} => C:\program files (x86)\opera\opera.exe [2013-05-05] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core.job => C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA.job => C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2013 06:41:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2013 06:44:52 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000005, Fehleroffset 0x0002ab11,
Prozess-ID 0x56c, Anwendungsstartzeit gmer_2.1.19163.exe0.

Error: (07/11/2013 09:09:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 09:05:52 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ELKE\DESKTOP\OTL.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/11/2013 09:05:52 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ELKE\DESKTOP\OTL.EXE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/11/2013 08:40:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 08:02:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 07:25:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2013 07:20:56 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ELKE\APPDATA\LOCAL\LOGMEIN HAMACHI\H2-UI.CFG.UPDATING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/11/2013 07:20:43 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ELKE\APPDATA\LOCAL\LOGMEIN HAMACHI\H2-UI.INI.UPDATING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (07/12/2013 08:02:01 PM) (Source: Service Control Manager) (User: )
Description: Adobe Flash Player Update Service%%32

Error: (07/12/2013 07:00:07 PM) (Source: Service Control Manager) (User: )
Description: Adobe Flash Player Update Service%%5

Error: (07/12/2013 06:44:29 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/12/2013 06:44:29 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/12/2013 06:41:49 PM) (Source: Service Control Manager) (User: )
Description: CdaC15BA%%1275

Error: (07/12/2013 06:41:49 PM) (Source: Service Control Manager) (User: )
Description: TBPanel%%2

Error: (07/12/2013 06:41:04 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\CdaC15BA.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/12/2013 06:40:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.07.2013 um 18:20:06 unerwartet heruntergefahren.

Error: (07/12/2013 06:43:43 AM) (Source: avmaudio) (User: )
Description: 

Error: (07/11/2013 09:12:23 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069


Microsoft Office Sessions:
=========================
Error: (08/24/2009 11:34:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-12 20:08:09.769
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:09.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:09.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:09.253
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:09.055
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:08.890
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:08.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 20:08:08.541
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 06:27:30.881
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Elke\AppData\Local\Temp\tmp7E32.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-12 06:27:30.694
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Elke\AppData\Local\Temp\tmp7CE8.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4093.58 MB
Available physical RAM: 1784.43 MB
Total Pagefile: 8398.21 MB
Available Pagefile: 6141.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Affenkiste_C) (Fixed) (Total:244.14 GB) (Free:6.98 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Affenkiste_D) (Fixed) (Total:454.49 GB) (Free:347.31 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 9E03F7DC)
Partition 1: (Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
Kind regards
Elke


Alt 12.07.2013, 21:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 12.07.2013, 22:36   #7
Misama
 



Dear Schrauber, thank you very much for the quick replies.

The log is too long. I have now zipped it as per the instructions, and I hope the upload works now.

Alt 13.07.2013, 10:14   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 14.07.2013, 15:43   #9
Misama
 



Hello Schrauber,
sorry that my reply took a while.

Here are the logs:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 14/07/2013 um 16:17:43 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Elke - AFFENKISTE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Elke\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\searchplugins\Web Search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\ICQ6Toolbar
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\ProgramData\Trymedia
Gelöscht mit Neustart : C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Gelöscht mit Neustart : C:\Users\Elke\AppData\LocalLow\delta
Gelöscht mit Neustart : C:\Users\Elke\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Elke\AppData\Roaming\DealPly
Gelöscht mit Neustart : C:\Users\Elke\AppData\Roaming\file scout
Gelöscht mit Neustart : C:\Windows\SysWOW64\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\520d68dbc3fe941
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0408a92bd64830bbba0477bd54a12436
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\12389d0863a0588ade0a083ab5270573
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\520d68dbc3fe941
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\prefs.js

C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115284&tt=3512_1");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "968d8350000000000000001fd08d15bf");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "968d8350000000000000001fd08d15bf");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15537");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:38:15");
Gelöscht : user_pref("extensions.dealply.channel", "_vitaeazel");
Gelöscht : user_pref("extensions.delta.bbDpng", "9");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.hdrMd5", "");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "");
Gelöscht : user_pref("extensions.delta.sg", "er");
Gelöscht : user_pref("extensions.delta.smplGrp", "er");
Gelöscht : user_pref("extensions.enabledAddons", "{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0,ffxtlbr@delta.com:[...]

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.25] : keyword = "search.snap.do",

-\\ Opera v12.15.1748.0

Datei : C:\Users\Elke\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8360 octets] - [14/07/2013 16:17:43]

########## EOF - C:\AdwCleaner[S1].txt - [8420 octets] ##########
         


--- --- ---




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows (TM) Vista Home Premium x64
Ran by Elke on 14.07.2013 at 16:28:06,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1203581777-2479668924-669779983-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Elke\AppData\Roaming\mozilla\firefox\profiles\w3ni35zv.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2013 at 16:33:13,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by Elke (administrator) on 14-07-2013 16:35:28
Running from C:\Users\Elke\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Run: [Launch LgDeviceAgent] - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
HKCU\...\Run: [GAINWARD] - C:\Program Files (x86)\EXPERTool\TBPanel.exe /A [2181672 2008-12-03] (Gainward Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AVMUSBFernanschluss] - "C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [139264 2013-01-16] (AVM Berlin)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [TrojanScanner] - "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot [1653008 2013-06-17] (Simply Super Software)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
AppInit_DLLs:  C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [15448 2010-10-01] (Kaspersky Lab)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TP-LINK Drahtlos Tool.lnk
ShortcutTarget: TP-LINK Drahtlos Tool.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD. )
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default
FF Homepage: user_pref("browser.startup.homepage", );
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Update) - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR StartMenuInternet: Google Chrome - "C:\Users\Elke\AppData\Local\Google\Chrome\Application\chrome.exe"

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-11] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [185632 2010-07-07] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [212256 2010-07-07] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-03-05] (AVM Berlin)
S2 CdaC15BA; C:\Windows\SysWow64\drivers\CdaC15BA.SYS [12464 2009-07-16] (Macrovision Europe Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2011-09-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 CdaC15BA; \??\C:\Windows\system32\drivers\CdaC15BA.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 TBPanel; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 16:33 - 2013-07-14 16:33 - 00001848 _____ C:\Users\Elke\Desktop\JRT.txt
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 16:26 - 2013-07-14 16:15 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Elke\Desktop\JRT.exe
2013-07-14 16:17 - 2013-07-14 16:18 - 00008469 _____ C:\AdwCleaner[S1].txt
2013-07-14 16:16 - 2013-07-14 16:15 - 00662345 _____ C:\Users\Elke\Desktop\adwcleaner.exe
2013-07-12 23:24 - 2013-07-12 23:24 - 00153151 _____ C:\ComboFix.txt
2013-07-12 22:30 - 2013-07-12 23:24 - 00000000 ____D C:\Qoobox
2013-07-12 22:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-12 22:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-12 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-12 22:29 - 2013-07-12 23:00 - 00000000 ____D C:\Windows\erdnt
2013-07-12 22:28 - 2013-07-12 22:28 - 05088739 ____R (Swearware) C:\Users\Elke\Desktop\ComboFix.exe
2013-07-12 20:09 - 2013-07-12 20:09 - 00026626 _____ C:\Users\Elke\Desktop\Addition.txt
2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 20:05 - 2013-07-12 07:15 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:27 - 2013-07-11 20:27 - 00000990 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Users\Elke\Documents\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-07-11 20:27 - 2012-06-15 16:39 - 00169744 _____ C:\Windows\SysWOW64\ztvunrar36.dll
2013-07-11 20:27 - 2012-06-15 16:35 - 00185616 _____ C:\Windows\SysWOW64\ztvunrar39.dll
2013-07-11 20:27 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\Windows\SysWOW64\ztv7z.dll
2013-07-11 20:27 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztvcabinet.dll
2013-07-11 20:27 - 2005-08-26 01:50 - 00077312 _____ C:\Windows\SysWOW64\ztvunace26.dll
2013-07-11 20:27 - 2003-02-02 20:06 - 00153088 _____ C:\Windows\SysWOW64\UNRAR3.dll
2013-07-11 20:27 - 2002-03-06 01:00 - 00075264 _____ C:\Windows\SysWOW64\unacev2.dll
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 20:57 - 2013-07-09 21:05 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:14 - 2013-05-28 15:05 - 00163328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-16 19:17 - 2013-05-17 05:09 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-16 19:17 - 2013-05-17 05:01 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 05:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-16 19:17 - 2013-05-17 04:58 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 04:55 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-16 19:17 - 2013-05-17 04:54 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 04:53 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-16 19:17 - 2013-05-17 04:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 04:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 04:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-16 19:17 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 19:17 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 19:17 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-16 19:17 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-16 19:17 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 19:16 - 2013-05-17 06:05 - 17824768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-16 19:16 - 2013-05-17 05:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-16 19:16 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 16:42 - 2013-06-16 16:48 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
2013-06-14 18:37 - 2013-06-14 18:37 - 00000000 ____D C:\Users\Elke\Documents\Aktivierung
2013-06-14 18:00 - 2013-06-14 18:00 - 00000000 ____D C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!

==================== One Month Modified Files and Folders =======

2013-07-14 16:33 - 2013-07-14 16:33 - 00001848 _____ C:\Users\Elke\Desktop\JRT.txt
2013-07-14 16:28 - 2008-01-21 03:53 - 01695323 _____ C:\Windows\WindowsUpdate.log
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 16:27 - 2012-09-08 20:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 16:24 - 2012-09-15 14:07 - 00000000 ____D C:\Users\Elke\AppData\Local\LogMeIn Hamachi
2013-07-14 16:24 - 2008-12-13 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-14 16:20 - 2008-01-21 05:26 - 00116136 _____ C:\Windows\PFRO.log
2013-07-14 16:20 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 16:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 16:20 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 16:19 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 16:18 - 2013-07-14 16:17 - 00008469 _____ C:\AdwCleaner[S1].txt
2013-07-14 16:15 - 2013-07-14 16:26 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Elke\Desktop\JRT.exe
2013-07-14 16:15 - 2013-07-14 16:16 - 00662345 _____ C:\Users\Elke\Desktop\adwcleaner.exe
2013-07-13 08:09 - 2011-09-12 14:54 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA.job
2013-07-12 23:33 - 2009-01-06 19:17 - 00000000 ____D C:\Users\Elke\AppData\Local\Deployment
2013-07-12 23:33 - 2008-12-13 23:24 - 00000000 ____D C:\Users\Elke\AppData\Local\Apps\2.0
2013-07-12 23:24 - 2013-07-12 23:24 - 00153151 _____ C:\ComboFix.txt
2013-07-12 23:24 - 2013-07-12 22:30 - 00000000 ____D C:\Qoobox
2013-07-12 23:24 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-07-12 23:00 - 2013-07-12 22:29 - 00000000 ____D C:\Windows\erdnt
2013-07-12 22:56 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-07-12 22:55 - 2008-12-13 14:59 - 00000000 ____D C:\Users\Elke
2013-07-12 22:28 - 2013-07-12 22:28 - 05088739 ____R (Swearware) C:\Users\Elke\Desktop\ComboFix.exe
2013-07-12 22:27 - 2011-03-05 19:33 - 00186721 _____ C:\Windows\avmacc.log
2013-07-12 20:53 - 2011-09-12 14:54 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core.job
2013-07-12 20:09 - 2013-07-12 20:09 - 00026626 _____ C:\Users\Elke\Desktop\Addition.txt
2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 18:44 - 2010-09-27 07:47 - 01619370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-12 18:44 - 2008-01-21 13:09 - 00685456 _____ C:\Windows\system32\perfh007.dat
2013-07-12 18:44 - 2008-01-21 13:09 - 00150420 _____ C:\Windows\system32\perfc007.dat
2013-07-12 07:15 - 2013-07-12 20:05 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:48 - 2008-01-21 13:10 - 01589024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:27 - 2013-07-11 20:27 - 00000990 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Users\Elke\Documents\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-07-11 20:27 - 2013-07-11 20:27 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 18:12 - 2008-12-20 21:58 - 00000000 ____D C:\Program Files (x86)\MobMapUpdater
2013-07-11 17:59 - 2009-08-26 11:06 - 00000000 ____D C:\Users\Elke\Desktop\Spiele
2013-07-11 17:56 - 2009-06-24 13:46 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Mozilla
2013-07-11 17:34 - 2012-02-08 11:03 - 00002655 _____ C:\Users\Elke\Desktop\Microsoft Office Word 2007.lnk
2013-07-11 17:06 - 2013-01-26 22:03 - 00000000 ____D C:\Users\Elke\Desktop\Mama
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-11 16:23 - 2008-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-10 21:08 - 2010-05-21 16:07 - 00000000 ____D C:\Users\Elke\AppData\Roaming\TS3Client
2013-07-10 20:53 - 2010-07-31 22:19 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Skype
2013-07-10 20:48 - 2011-09-12 14:54 - 00003998 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA
2013-07-10 20:48 - 2011-09-12 14:54 - 00003602 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core
2013-07-10 16:28 - 2011-07-17 13:16 - 00000000 ____D C:\Users\Elke\AppData\Roaming\.minecraft
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 21:05 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:52 - 2011-02-04 10:39 - 00002032 _____ C:\Users\Elke\AppData\Local\d3d9caps.dat
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 22:03 - 2008-12-21 22:24 - 00228352 _____ C:\Users\Elke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-21 14:41 - 2011-09-13 17:41 - 00002049 _____ C:\Users\Elke\Desktop\Google Chrome.lnk
2013-06-20 15:00 - 2012-12-16 18:14 - 00000000 ____D C:\Users\Elke\Documents\Nicolas Word
2013-06-17 20:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:12 - 2012-10-21 18:17 - 00000000 ____D C:\Users\Elke\Desktop\Steam
2013-06-16 19:57 - 2008-12-13 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-16 19:38 - 2006-11-02 14:35 - 75825640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-16 16:55 - 2009-03-09 20:51 - 00323566 _____ C:\Windows\DirectX.log
2013-06-16 16:48 - 2013-06-16 16:42 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ
2013-06-15 20:10 - 2013-04-30 14:25 - 00001100 _____ C:\Users\Elke\AppData\Local\d3d8caps.dat
2013-06-14 18:41 - 2010-10-30 23:51 - 00000000 ____D C:\Users\Elke\Documents\VanessaWord
2013-06-14 18:37 - 2013-06-14 18:37 - 00000000 ____D C:\Users\Elke\Documents\Aktivierung
2013-06-14 18:29 - 2012-09-08 20:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-14 18:29 - 2011-06-02 10:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 18:00 - 2013-06-14 18:00 - 00000000 ____D C:\ProgramData\䖸!䉘!3-40C5-AD09-953C574F14BCÄ!㭸!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 16:30

==================== End Of Log ============================
         
Best regards, Elke

14.07.2013, 18:50   #10
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

14.07.2013, 19:18   #11
Misama
 

Hello Schrauber,
I can't get the Eset scanner to run.

The Terms of use checkbox still appears, but then comes the question:
"Use custom proxy settings. Configure...."
If I click Start without ticking a box, the program reports Can not
get update. Is proxy configured?

What do I have to enter in the proxy server settings?

The Scan Archive option doesn't appear at all either.

Kind regards
Elke

14.07.2013, 21:34   #12
schrauber
/// the machine
/// TB trainer
 


In which browser? Try a different one.
__________________
regards,
schrauber


16.07.2013, 21:23   #13
Misama
 

Hello Schrauber,
Eset really gave me a hard time, but now I have managed it.
Here are the logs:


SETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e4e9c05d05c7ca4a83757883d9cc80cf
# engine=14409
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-16 10:25:45
# local_time=2013-07-16 12:25:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1282 16774526 100 100 57822094 132964917 401410 0
# compatibility_mode=5892 16776574 100 100 2561248 211494251 0 0
# scanned=417826
# found=1
# cleaned=0
# scan_time=7067
sh=1FDF2ED6E55AAB1B5AEA5DA49A6F13F0AB48C82A ft=1 fh=e406b055e8737d71 vn="a variant of Win32/Kryptik.AMQ trojan" ac=I fn="C:\Users\Elke\AppData\Local\Zylom Games\The Hidden Object Show Deluxe\thehiddenobjectshow.dll"


Results of screen317's Security Check version 0.99.69
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 13
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by Elke (administrator) on 16-07-2013 21:59:58
Running from C:\Users\Elke\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] - Skytel.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Run: [Launch LgDeviceAgent] - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
HKCU\...\Run: [GAINWARD] - C:\Program Files (x86)\EXPERTool\TBPanel.exe /A [2181672 2008-12-03] (Gainward Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AVMUSBFernanschluss] - "C:\Users\Elke\AppData\Local\Apps\2.0\BZAJMQRM.4KO\5HK34L7E.4NE\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [139264 2013-01-16] (AVM Berlin)
HKCU\...\Run: [Google Update] - "C:\Users\Elke\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-12] (Google Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [348760 2010-10-01] (Kaspersky Lab)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
AppInit_DLLs:  C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [15448 2010-10-01] (Kaspersky Lab)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TP-LINK Drahtlos Tool.lnk
ShortcutTarget: TP-LINK Drahtlos Tool.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD. )
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default
FF Homepage: user_pref("browser.startup.homepage", );
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: DownloadHelper - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\w3ni35zv.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=hp&installDate=09/06/2013"
CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7053c437-386c-452e-a7fa-96b3557eaed3&searchtype=ds&q={searchTerms}&installDate=09/06/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elke\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre1.6.0_13\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Elke\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Update) - C:\Users\Elke\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR StartMenuInternet: Google Chrome - "C:\Users\Elke\AppData\Local\Google\Chrome\Application\chrome.exe"

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [348760 2010-10-01] (Kaspersky Lab)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-11] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [185632 2010-07-07] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [212256 2010-07-07] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2011-03-05] (AVM Berlin)
S2 CdaC15BA; C:\Windows\SysWow64\drivers\CdaC15BA.SYS [12464 2009-07-16] (Macrovision Europe Ltd)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [20544 2008-12-14] (Windows (R) Server 2003 DDK provider)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2011-09-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 CdaC15BA; \??\C:\Windows\system32\drivers\CdaC15BA.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 TBPanel; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 21:33 - 2013-07-14 20:08 - 00891022 _____ C:\Users\Elke\Desktop\SecurityCheck.exe
2013-07-16 21:30 - 2013-07-16 21:57 - 00000000 ____D C:\Users\Elke\Desktop\log file
2013-07-16 10:16 - 2013-07-16 10:16 - 00000133 _____ C:\Users\Elke\Desktop\eset.txt
2013-07-14 17:07 - 2013-07-14 17:07 - 00000288 ___SH C:\Windows\KLIF.spi
2013-07-14 16:33 - 2013-07-14 16:33 - 00001848 _____ C:\Users\Elke\Desktop\JRT.txt
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 16:26 - 2013-07-14 16:15 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Elke\Desktop\JRT.exe
2013-07-14 16:17 - 2013-07-14 16:18 - 00008469 _____ C:\AdwCleaner[S1].txt
2013-07-14 16:16 - 2013-07-14 16:15 - 00662345 _____ C:\Users\Elke\Desktop\adwcleaner.exe
2013-07-12 23:24 - 2013-07-12 23:24 - 00153151 _____ C:\ComboFix.txt
2013-07-12 22:30 - 2013-07-12 23:24 - 00000000 ____D C:\Qoobox
2013-07-12 22:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-12 22:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-12 22:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-12 22:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-12 22:29 - 2013-07-12 23:00 - 00000000 ____D C:\Windows\erdnt
2013-07-12 22:28 - 2013-07-12 22:28 - 05088739 ____R (Swearware) C:\Users\Elke\Desktop\ComboFix.exe
2013-07-12 20:09 - 2013-07-12 20:09 - 00026626 _____ C:\Users\Elke\Desktop\Addition.txt
2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 20:05 - 2013-07-12 07:15 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 20:57 - 2013-07-09 21:05 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:14 - 2013-05-28 15:05 - 00163328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
2013-06-16 19:17 - 2013-05-17 05:09 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-16 19:17 - 2013-05-17 05:02 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-16 19:17 - 2013-05-17 05:01 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 05:00 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-06-16 19:17 - 2013-05-17 04:58 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-06-16 19:17 - 2013-05-17 04:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 04:55 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-16 19:17 - 2013-05-17 04:54 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 04:53 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-16 19:17 - 2013-05-17 04:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 04:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 04:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-16 19:17 - 2013-05-17 01:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 19:17 - 2013-05-17 00:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-16 19:17 - 2013-05-17 00:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 19:17 - 2013-05-17 00:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-16 19:17 - 2013-05-17 00:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-16 19:17 - 2013-05-17 00:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-16 19:17 - 2013-05-17 00:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-16 19:17 - 2013-05-17 00:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-16 19:17 - 2013-05-17 00:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 19:17 - 2013-05-17 00:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-16 19:17 - 2013-05-17 00:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 19:17 - 2013-05-17 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 19:16 - 2013-05-17 06:05 - 17824768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-16 19:16 - 2013-05-17 05:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-16 19:16 - 2013-05-17 00:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 16:42 - 2013-06-16 16:48 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ

==================== One Month Modified Files and Folders =======

2013-07-16 21:58 - 2011-09-12 14:54 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA.job
2013-07-16 21:57 - 2013-07-16 21:30 - 00000000 ____D C:\Users\Elke\Desktop\log file
2013-07-16 21:40 - 2008-01-21 03:53 - 01750621 _____ C:\Windows\WindowsUpdate.log
2013-07-16 21:28 - 2012-09-08 20:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 21:25 - 2011-09-12 14:54 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core.job
2013-07-16 12:14 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 12:14 - 2006-11-02 17:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 10:16 - 2013-07-16 10:16 - 00000133 _____ C:\Users\Elke\Desktop\eset.txt
2013-07-16 10:16 - 2012-09-15 14:07 - 00000000 ____D C:\Users\Elke\AppData\Local\LogMeIn Hamachi
2013-07-15 20:03 - 2011-09-13 17:41 - 00002049 _____ C:\Users\Elke\Desktop\Google Chrome.lnk
2013-07-15 19:54 - 2011-09-12 14:54 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000UA
2013-07-15 19:54 - 2011-09-12 14:54 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203581777-2479668924-669779983-1000Core
2013-07-14 20:08 - 2013-07-16 21:33 - 00891022 _____ C:\Users\Elke\Desktop\SecurityCheck.exe
2013-07-14 17:07 - 2013-07-14 17:07 - 00000288 ___SH C:\Windows\KLIF.spi
2013-07-14 17:06 - 2008-12-13 15:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-14 17:04 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 17:02 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-14 16:33 - 2013-07-14 16:33 - 00001848 _____ C:\Users\Elke\Desktop\JRT.txt
2013-07-14 16:27 - 2013-07-14 16:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-14 16:24 - 2010-01-05 16:42 - 00000000 ____D C:\ProgramData\ICQ
2013-07-14 16:20 - 2008-01-21 05:26 - 00116136 _____ C:\Windows\PFRO.log
2013-07-14 16:18 - 2013-07-14 16:17 - 00008469 _____ C:\AdwCleaner[S1].txt
2013-07-14 16:15 - 2013-07-14 16:26 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Elke\Desktop\JRT.exe
2013-07-14 16:15 - 2013-07-14 16:16 - 00662345 _____ C:\Users\Elke\Desktop\adwcleaner.exe
2013-07-12 23:33 - 2009-01-06 19:17 - 00000000 ____D C:\Users\Elke\AppData\Local\Deployment
2013-07-12 23:33 - 2008-12-13 23:24 - 00000000 ____D C:\Users\Elke\AppData\Local\Apps\2.0
2013-07-12 23:24 - 2013-07-12 23:24 - 00153151 _____ C:\ComboFix.txt
2013-07-12 23:24 - 2013-07-12 22:30 - 00000000 ____D C:\Qoobox
2013-07-12 23:24 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-07-12 23:00 - 2013-07-12 22:29 - 00000000 ____D C:\Windows\erdnt
2013-07-12 22:56 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-07-12 22:55 - 2008-12-13 14:59 - 00000000 ____D C:\Users\Elke
2013-07-12 22:28 - 2013-07-12 22:28 - 05088739 ____R (Swearware) C:\Users\Elke\Desktop\ComboFix.exe
2013-07-12 22:27 - 2011-03-05 19:33 - 00186721 _____ C:\Windows\avmacc.log
2013-07-12 20:09 - 2013-07-12 20:09 - 00026626 _____ C:\Users\Elke\Desktop\Addition.txt
2013-07-12 20:06 - 2013-07-12 20:06 - 00000000 ____D C:\FRST
2013-07-12 18:44 - 2010-09-27 07:47 - 01619370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-12 18:44 - 2008-01-21 13:09 - 00685456 _____ C:\Windows\system32\perfh007.dat
2013-07-12 18:44 - 2008-01-21 13:09 - 00150420 _____ C:\Windows\system32\perfc007.dat
2013-07-12 07:15 - 2013-07-12 20:05 - 01778143 _____ (Farbar) C:\Users\Elke\Desktop\FRST64.exe
2013-07-11 21:06 - 2013-07-11 21:06 - 00065832 _____ C:\Users\Elke\Desktop\Extras.Txt
2013-07-11 21:04 - 2013-07-11 21:04 - 00130204 _____ C:\Users\Elke\Desktop\OTL.Txt
2013-07-11 20:49 - 2013-07-11 20:49 - 00000470 _____ C:\Users\Elke\Desktop\defogger_disable.log
2013-07-11 20:48 - 2008-01-21 13:10 - 01589024 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 20:47 - 2013-07-11 20:47 - 00000000 _____ C:\Users\Elke\defogger_reenable
2013-07-11 20:45 - 2013-07-11 20:45 - 00377856 _____ C:\Users\Elke\Desktop\gmer_2.1.19163.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\Elke\Desktop\OTL.exe
2013-07-11 20:44 - 2013-07-11 20:44 - 00050477 _____ C:\Users\Elke\Desktop\Defogger.exe
2013-07-11 20:26 - 2013-07-11 20:26 - 20553576 _____ (Simply Super Software                                       ) C:\Users\Elke\Downloads\trjsetup687.exe
2013-07-11 18:12 - 2008-12-20 21:58 - 00000000 ____D C:\Program Files (x86)\MobMapUpdater
2013-07-11 17:59 - 2009-08-26 11:06 - 00000000 ____D C:\Users\Elke\Desktop\Spiele
2013-07-11 17:56 - 2009-06-24 13:46 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Mozilla
2013-07-11 17:34 - 2012-02-08 11:03 - 00002655 _____ C:\Users\Elke\Desktop\Microsoft Office Word 2007.lnk
2013-07-11 17:06 - 2013-01-26 22:03 - 00000000 ____D C:\Users\Elke\Desktop\Mama
2013-07-11 17:05 - 2013-07-11 17:05 - 00000000 ____D C:\ProgramData\䖸Ė䉘Ė3-40C5-AD09-953C574F14BCÄĖ㭸Ė
2013-07-11 16:53 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\䖸˧䉘˧3-40C5-AD09-953C574F14BCÄ˧㭸˧
2013-07-11 16:44 - 2013-07-11 16:44 - 00000000 ____D C:\ProgramData\䖸2䉘23-40C5-AD09-953C574F14BCÄ2㭸2
2013-07-11 16:23 - 2008-12-21 22:29 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-10 21:08 - 2010-05-21 16:07 - 00000000 ____D C:\Users\Elke\AppData\Roaming\TS3Client
2013-07-10 20:53 - 2010-07-31 22:19 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Skype
2013-07-10 16:28 - 2011-07-17 13:16 - 00000000 ____D C:\Users\Elke\AppData\Roaming\.minecraft
2013-07-10 15:26 - 2013-07-10 15:26 - 00000000 ____D C:\ProgramData\䖸ɿ䉘ɿ3-40C5-AD09-953C574F14BCÄɿ㭸ɿ
2013-07-09 21:05 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Roaming\Minecraft Version Changer
2013-07-09 20:57 - 2013-07-09 20:57 - 00000000 ____D C:\Users\Elke\AppData\Local\Craften_Dev_Team
2013-07-09 20:56 - 2013-07-09 20:56 - 00000000 ____D C:\Program Files (x86)\Craften Terminal
2013-07-09 20:55 - 2013-07-09 20:55 - 02484499 _____ (Craften Dev Team                                            ) C:\Users\Elke\Downloads\craftenterminal.exe
2013-07-09 11:52 - 2011-02-04 10:39 - 00002032 _____ C:\Users\Elke\AppData\Local\d3d9caps.dat
2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\ProgramData\䖸ʰ䉘ʰ3-40C5-AD09-953C574F14BCÄʰ㭸ʰ
2013-07-08 16:58 - 2013-07-08 16:58 - 00000000 ____D C:\ProgramData\䖸ʔ䉘ʔ3-40C5-AD09-953C574F14BCÄʔ㭸ʔ
2013-07-07 18:34 - 2013-07-07 18:34 - 00000000 ____D C:\ProgramData\䖸ê䉘ê3-40C5-AD09-953C574F14BCÄê㭸ê
2013-07-07 17:27 - 2013-07-07 17:27 - 00000000 ____D C:\ProgramData\䖸ɝ䉘ɝ3-40C5-AD09-953C574F14BCÄɝ㭸ɝ
2013-07-06 22:03 - 2008-12-21 22:24 - 00228352 _____ C:\Users\Elke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-06 11:50 - 2013-07-06 11:50 - 00291342 _____ C:\Users\Elke\Desktop\MagicLauncher_1.0.0.zip
2013-07-05 17:43 - 2013-07-05 17:43 - 00000931 _____ C:\Users\Elke\Desktop\Minecraft.exe.lnk
2013-07-05 17:36 - 2013-07-05 17:36 - 00000000 ____D C:\ProgramData\䖸ˆ䉘ˆ3-40C5-AD09-953C574F14BCĈ㭸ˆ
2013-07-05 17:34 - 2013-07-05 17:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 21:06 - 2013-06-29 21:06 - 00000000 ____D C:\ProgramData\䖸ʅ䉘ʅ3-40C5-AD09-953C574F14BCÄʅ㭸ʅ
2013-06-28 13:35 - 2013-06-28 13:35 - 00000000 ____D C:\ProgramData\䖸ʙ䉘ʙ3-40C5-AD09-953C574F14BCÄʙ㭸ʙ
2013-06-26 19:14 - 2013-06-26 19:14 - 00000000 ____D C:\ProgramData\䖸B䉘B3-40C5-AD09-953C574F14BCÄB㭸B
2013-06-24 20:06 - 2013-06-24 20:06 - 00000000 ____D C:\ProgramData\䖸ʪ䉘ʪ3-40C5-AD09-953C574F14BCÄʪ㭸ʪ
2013-06-23 14:10 - 2013-06-23 14:10 - 00000000 ____D C:\ProgramData\䖸˗䉘˗3-40C5-AD09-953C574F14BCÄ˗㭸˗
2013-06-22 12:01 - 2013-06-22 12:01 - 00000000 ____D C:\ProgramData\䖸ʩ䉘ʩ3-40C5-AD09-953C574F14BCÄʩ㭸ʩ
2013-06-20 15:00 - 2012-12-16 18:14 - 00000000 ____D C:\Users\Elke\Documents\Nicolas Word
2013-06-17 20:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-06-17 20:14 - 2013-06-17 20:14 - 00003354 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate
2013-06-17 20:14 - 2013-06-17 20:14 - 00003094 _____ C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2
2013-06-17 20:12 - 2012-10-21 18:17 - 00000000 ____D C:\Users\Elke\Desktop\Steam
2013-06-16 19:57 - 2008-12-13 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-16 19:38 - 2006-11-02 14:35 - 75825640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-16 16:55 - 2009-03-09 20:51 - 00323566 _____ C:\Windows\DirectX.log
2013-06-16 16:48 - 2013-06-16 16:42 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-16 10:31 - 2013-06-16 10:31 - 00000000 ____D C:\ProgramData\䖸ˍ䉘ˍ3-40C5-AD09-953C574F14BCÄˍ㭸ˍ

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 17:13

==================== End Of Log ============================
         
--- --- ---


Kaspersky still reports the same Trojan in the same directory.

Best regards,
Elke

17.07.2013, 08:13   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Update Java, Adobe and Firefox. Where does KAV report it?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.07.2013, 08:48   #15
Misama
 



Good morning Schrauber,

Kaspersky still reports it in the old directory:

C:/Windows/syswow64/macromed/flash/flashplayerupdateservice.exe

Best regards, elke

P.S.: Here is a screenshot of the message as well.

PP.S.: Adobe reports that no update is available. I have updated the others.

Attached image: kaspersky.jpg

Last edited by Misama (17.07.2013 at 09:08)
