| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.crossfire.SA, PUP.funmoodsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.07.2013, 13:47
| #1 |
 |  PUP.crossfire.SA, PUP.funmoods Hallo zusammen, meine kleine Schwester hat sich offenbar einen Virus eingfangen. Da ich hier so gute Erfahrungen machen durfte, habe ich es jetzt für sie in die Hand genommen, und hoffe dass ihr uns helfen könnt. Zuerst haben wir Malwarebytes laufen lassen: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.20.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Hassel the Hoff :: HASSELTHEHOFF [Administrator] Schutz: Aktiviert 20.07.2013 09:18:03 mbam-log-2013-07-20 (09-18-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 531900 Laufzeit: 1 Stunde(n), 16 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Daten: Giant Savings -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Hassel the Hoff\AppData\Local\Temp\is357113909\FunmoodsLatest.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.20.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Hassel the Hoff :: HASSELTHEHOFF [Administrator] Schutz: Aktiviert 20.07.2013 11:05:05 mbam-log-2013-07-20 (11-05-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 531557 Laufzeit: 1 Stunde(n), 8 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:19 on 20/07/2013 (Hassel the Hoff)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 20.07.2013 12:22:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hassel the Hoff\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 45,29% Memory free 7,35 Gb Paging File | 5,02 Gb Available in Paging File | 68,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230,89 Gb Total Space | 104,02 Gb Free Space | 45,05% Space Free | Partition Type: NTFS Drive E: | 234,77 Gb Total Space | 57,00 Gb Free Space | 24,28% Space Free | Partition Type: NTFS Computer Name: HASSELTHEHOFF | User Name: Hassel the Hoff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.20 12:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hassel the Hoff\Downloads\OTL.exe PRC - [2013.06.27 13:02:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.27 13:02:09 | 000,111,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2013.06.27 13:01:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.27 13:01:54 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.18 10:26:02 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2013.06.18 10:26:02 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.08 15:14:06 | 001,089,888 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2013.05.08 15:02:26 | 012,113,248 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe PRC - [2013.05.08 15:02:26 | 000,395,104 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.05 08:37:58 | 005,379,472 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe PRC - [2012.11.01 06:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.01 04:51:12 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011.07.01 04:51:12 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.07.01 04:51:10 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011.07.01 04:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.09.16 03:13:16 | 002,538,520 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.09.16 03:13:08 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.10.02 23:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.03.30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe ========== Modules (No Company Name) ========== MOD - [2013.07.20 11:05:01 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD0CF.tmp MOD - [2013.07.20 11:05:01 | 000,086,016 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD404.tmp MOD - [2013.07.20 11:05:01 | 000,086,016 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD3E3.tmp MOD - [2013.07.20 11:05:01 | 000,086,016 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD3C2.tmp MOD - [2013.07.20 11:05:01 | 000,086,016 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD297.tmp MOD - [2013.07.20 11:05:00 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMCF66.tmp MOD - [2013.07.20 11:05:00 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMCD23.tmp MOD - [2013.07.20 11:04:59 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMCBBA.tmp MOD - [2013.07.20 11:04:59 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMCABE.tmp MOD - [2013.07.20 11:04:59 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMCA01.tmp MOD - [2013.07.20 11:04:58 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC7ED.tmp MOD - [2013.07.20 11:04:58 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC6D2.tmp MOD - [2013.07.20 11:04:58 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC4DD.tmp MOD - [2013.07.20 11:04:57 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC326.tmp MOD - [2013.07.20 11:04:57 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC21B.tmp MOD - [2013.07.20 11:04:56 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC035.tmp MOD - [2013.07.20 11:04:56 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMBEAD.tmp MOD - [2013.07.20 11:04:56 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMBD44.tmp MOD - [2013.07.20 11:04:55 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMB96C.tmp MOD - [2013.07.20 11:04:54 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMB526.tmp MOD - [2013.07.20 11:04:53 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMB237.tmp MOD - [2013.07.20 11:04:53 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMB12C.tmp MOD - [2013.07.20 11:04:52 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMAEAA.tmp MOD - [2013.07.20 11:04:50 | 000,120,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMA7E3.tmp MOD - [2013.07.20 11:04:49 | 000,072,192 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMA2E2.tmp MOD - [2013.07.20 11:04:47 | 000,072,192 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM9BCF.tmp MOD - [2013.07.20 11:04:44 | 000,072,704 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM9190.tmp MOD - [2013.07.20 11:04:42 | 000,072,192 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM88E7.tmp MOD - [2013.07.20 11:04:38 | 000,057,344 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM78FD.tmp MOD - [2013.07.20 11:04:28 | 000,053,760 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM5314.tmp MOD - [2013.07.20 11:04:17 | 000,064,000 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM2510.tmp MOD - [2013.07.20 11:04:13 | 000,053,760 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM15D2.tmp MOD - [2013.07.20 11:04:10 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMBF0.tmp MOD - [2013.07.20 11:04:04 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMF2B4.tmp MOD - [2013.07.20 11:03:59 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEME106.tmp MOD - [2013.07.20 11:03:58 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMDB76.tmp MOD - [2013.07.20 11:03:58 | 000,056,320 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMDD4C.tmp MOD - [2013.07.20 11:03:57 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD80B.tmp MOD - [2013.07.20 11:03:55 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMD107.tmp MOD - [2013.07.20 11:03:52 | 000,056,832 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMC439.tmp MOD - [2013.07.20 11:03:50 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMBBBE.tmp MOD - [2013.07.20 11:03:46 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEMAE45.tmp MOD - [2013.07.20 11:03:41 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM9AE2.tmp MOD - [2013.07.20 11:03:40 | 000,068,608 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM93FD.tmp MOD - [2013.07.20 11:03:38 | 000,055,296 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM8D85.tmp MOD - [2013.07.20 11:03:36 | 000,056,320 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM8559.tmp MOD - [2013.07.20 11:03:36 | 000,033,792 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\YTMP7MC8AA\TAA844E.tmp MOD - [2013.07.20 11:03:35 | 000,075,776 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Local\Temp\XTMP1MC3VE\DEM80D2.tmp MOD - [2013.05.28 13:24:32 | 018,123,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\35f10af8371c9953294e6bdc86b5458b\System.ServiceModel.ni.dll MOD - [2013.05.28 13:24:08 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ce2164d32e319ee1d047119316c19557\System.IdentityModel.ni.dll MOD - [2013.05.28 13:22:26 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\2bb04ca46f8374826e4e6cafae120aa1\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.28 13:22:24 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c9508bbbee390fa5c287a84d1a88d7d9\System.Runtime.Serialization.ni.dll MOD - [2013.05.22 22:08:16 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.22 22:07:55 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.22 22:07:46 | 006,841,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a208cdbd01381d216eb1be12b8925b2a\System.Data.ni.dll MOD - [2013.05.22 22:07:41 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll MOD - [2013.05.22 22:07:36 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.22 22:07:32 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.05.22 22:07:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.03.29 11:00:22 | 021,113,344 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libcef.dll MOD - [2013.03.29 11:00:04 | 000,133,134 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll MOD - [2013.03.29 11:00:02 | 000,983,054 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll MOD - [2013.03.29 11:00:02 | 000,189,454 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.13 22:24:16 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\44155fc8588a8e7e58bade6342975600\System.Configuration.Install.ni.dll MOD - [2013.01.14 20:45:47 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9ac3d1a9ce7fa3cb28921fe7c63d5841\System.Web.Services.ni.dll MOD - [2013.01.14 20:43:46 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1a832afa259d3062db5d2767bb66367a\System.EnterpriseServices.ni.dll MOD - [2013.01.14 20:43:46 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1a832afa259d3062db5d2767bb66367a\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.14 20:43:45 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\83bbc0d5a9689f5de5090dcf3e3958f8\System.Transactions.ni.dll MOD - [2013.01.14 20:43:43 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll MOD - [2013.01.14 20:43:40 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.14 08:34:28 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.14 08:34:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.14 08:34:17 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.14 08:34:09 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.12.05 08:33:42 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll MOD - [2012.12.05 08:33:42 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll MOD - [2012.12.05 08:33:42 | 000,775,680 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll MOD - [2012.12.05 08:33:42 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll MOD - [2012.12.05 08:33:42 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ========== Services (SafeList) ========== SRV:64bit: - [2010.01.27 10:27:24 | 000,665,320 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV - [2013.06.27 13:02:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.27 13:01:55 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection) SRV - [2013.06.13 17:36:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.02.04 11:01:09 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.02.04 10:59:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.07.01 04:51:10 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.02 15:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.05.02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.05.02 15:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.09.16 03:13:16 | 002,538,520 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.09.16 03:13:08 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.09 07:13:09 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.09 07:13:09 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.09 07:13:09 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.10.11 05:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2012.10.11 05:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.05.24 01:24:22 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.04.15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.28 05:44:46 | 001,417,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.23 04:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 10:12:06 | 000,250,984 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.02.26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.26 07:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.17 00:19:56 | 000,075,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wsimdx.sys -- (WSIMD) DRV:64bit: - [2009.03.08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2006.12.12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=hp&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 D1 46 B9 4D 30 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.27 12:49:41 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=950bc204-4715-4e4e-a301-5cc7de2e3db4&searchtype=hp&installDate=01/01/1970 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - Extension: Google Docs = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Giant Savings = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.99_0\crossrider CHR - Extension: Giant Savings = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.99_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Hassel the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.02.18 18:39:23 | 000,000,884 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.255.255.255 activate.adobe.com practivate.adobe.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found. O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun File not found O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload File not found O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [Ziasof] "C:\Users\Hassel the Hoff\AppData\Roaming\Eqysc\eguxz.exe" File not found O4 - Startup: C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O4 - Startup: C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O4 - Startup: C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8:64bit: - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8:64bit: - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8:64bit: - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6236F674-D37A-4775-BB75-5B22E0C4C16B}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6307772E-8650-4DA5-8ECF-0B63034C8914}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDD33E38-B7A5-4661-BB9B-3400631B8AA4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1c33ac6b-4f28-11e1-8da1-8df88277dc77}\Shell - "" = AutoRun O33 - MountPoints2\{1c33ac6b-4f28-11e1-8da1-8df88277dc77}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{1c33ac6b-4f28-11e1-8da1-8df88277dc77}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{1c33ac6b-4f28-11e1-8da1-8df88277dc77}\Shell\install\command - "" = G:\SETUP.EXE O33 - MountPoints2\{5ced3d81-4f27-11e1-baa1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5ced3d81-4f27-11e1-baa1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DistinguishOS.exe O33 - MountPoints2\{fe113106-738d-11e1-9ea5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fe113106-738d-11e1-9ea5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.20 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Hassel the Hoff\Desktop\Logfiles [2013.07.20 09:14:33 | 000,000,000 | ---D | C] -- C:\Users\Hassel the Hoff\AppData\Roaming\Malwarebytes [2013.07.20 09:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.20 09:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.20 09:14:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.20 09:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.24 18:32:16 | 000,000,000 | ---D | C] -- C:\Users\Hassel the Hoff\AppData\Roaming\Iminent [2013.06.24 18:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent [2013.06.24 18:30:03 | 000,000,000 | ---D | C] -- C:\Users\Hassel the Hoff\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl [2013.06.24 18:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent [2013.06.24 18:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella [2013.06.24 18:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent [1 C:\Users\Hassel the Hoff\Documents\*.tmp files -> C:\Users\Hassel the Hoff\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.20 12:19:26 | 000,000,000 | ---- | M] () -- C:\Users\Hassel the Hoff\defogger_reenable [2013.07.20 12:18:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.20 11:36:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.20 11:02:47 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.20 10:51:53 | 000,019,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.20 10:51:53 | 000,019,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.20 10:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.20 10:43:34 | 2960,805,888 | -HS- | M] () -- C:\hiberfil.sys [2013.07.20 09:32:19 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.20 09:14:21 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.03 20:31:31 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.03 20:31:31 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.03 20:31:31 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.03 20:31:31 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.03 20:31:31 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.27 13:02:17 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.24 18:31:06 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.06.24 18:26:19 | 000,001,075 | ---- | M] () -- C:\Users\Hassel the Hoff\Desktop\Trillian.lnk [2013.06.24 18:26:19 | 000,001,039 | ---- | M] () -- C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [1 C:\Users\Hassel the Hoff\Documents\*.tmp files -> C:\Users\Hassel the Hoff\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.20 12:19:26 | 000,000,000 | ---- | C] () -- C:\Users\Hassel the Hoff\defogger_reenable [2013.07.20 09:14:21 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.24 18:30:29 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.06.24 18:26:19 | 000,001,075 | ---- | C] () -- C:\Users\Hassel the Hoff\Desktop\Trillian.lnk [2013.06.24 18:26:19 | 000,001,039 | ---- | C] () -- C:\Users\Hassel the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2013.06.18 10:23:42 | 000,012,975 | ---- | C] () -- C:\Users\Hassel the Hoff\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2012.11.23 00:50:06 | 000,000,680 | RHS- | C] () -- C:\Users\Hassel the Hoff\ntuser.pol [2012.11.05 16:28:52 | 000,000,234 | ---- | C] () -- C:\Users\Hassel the Hoff\.swfinfo [2012.09.19 21:30:06 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.09.07 12:34:00 | 000,000,112 | ---- | C] () -- C:\ProgramData\1gr1P6.dat [2012.09.07 12:33:46 | 000,000,001 | ---- | C] () -- C:\ProgramData\kxAnw28N.exe_.b [2012.09.07 12:33:46 | 000,000,001 | ---- | C] () -- C:\ProgramData\kxAnw28N.exe.b [2012.07.06 21:56:32 | 014,771,318 | ---- | C] () -- C:\Users\Hassel the Hoff\collage thema.png [2012.07.06 21:56:23 | 022,097,869 | ---- | C] () -- C:\Users\Hassel the Hoff\collage outfit.png [2012.07.06 21:54:58 | 027,291,792 | ---- | C] () -- C:\Users\Hassel the Hoff\collageschmuckundaccesoires.png [2012.05.12 17:37:41 | 000,021,080 | ---- | C] () -- C:\Users\Hassel the Hoff\bidl.jpg [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.03.14 19:05:43 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.03.14 19:05:43 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.03.14 19:05:10 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.03.14 19:05:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.03.14 19:04:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.03.14 19:04:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.02.07 20:14:34 | 000,000,218 | ---- | C] () -- C:\Users\Hassel the Hoff\.recently-used.xbel [2012.02.07 15:38:27 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini [2012.02.04 15:23:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.02.04 15:01:54 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.02.04 10:19:51 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.02.04 10:14:43 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.04 10:11:20 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.01.10 23:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 23:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 23:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.04 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\DAEMON Tools Lite [2013.07.20 11:03:27 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox [2013.06.06 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\DVDVideoSoft [2013.05.21 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.19 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Enotuk [2012.08.22 10:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Eqysc [2013.07.20 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl [2013.06.24 18:32:16 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Iminent [2012.02.07 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\inkscape [2012.11.14 22:41:57 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\IrfanView [2012.11.08 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\ManyCam [2013.06.06 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\OpenCandy [2012.02.04 10:43:56 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Opera [2012.02.04 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\QIP [2012.04.20 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Samsung [2012.04.26 21:42:22 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Temp [2012.09.02 11:27:28 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Trillian [2012.11.30 20:50:46 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\TuneUp Software [2012.11.05 16:17:31 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\VideoConverterPackages [2012.11.13 21:19:40 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\XnView [2012.08.19 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\Hassel the Hoff\AppData\Roaming\Zowuyr ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-20 13:44:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HASSEL~1\AppData\Local\Temp\pwrcikog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031b4000 45 bytes [00, 00, 1B, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031b402f 16 bytes [00, 03, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3280] entry point in ".rdata" section 0000000062c171e6
.text C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe[3776] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Users\Hassel the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe[3776] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Evernote\Evernote\Evernote.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Evernote\Evernote\Evernote.exe[4832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075091465 2 bytes [09, 75]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750914bb 2 bytes [09, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 00000000010c0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 00000000731c0000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000073180000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000073140000
Library c:\program files (x86)\avira\antivir desktop\gpgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 00000000730e0000
Library c:\program files (x86)\avira\antivir desktop\gpschd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 00000000730b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000072fe0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000072fd0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000072f60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1460] 0000000072c40000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1716] 0000000001270000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1716] 00000000731c0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [2812] 000000013fbd0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc64.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [2812] 000007fef7da0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4484] 0000000001380000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4484] 00000000736f0000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4484] 0000000073180000
Library c:\program files (x86)\avira\antivir desktop\ccguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [4484] 00000000735c0000
Library C:\program files (x86)\avira\antivir desktop\ipmGui.exe (*** suspicious ***) @ C:\program files (x86)\avira\antivir desktop\ipmGui.exe [5700] 0000000000310000
Library C:\program files (x86)\avira\antivir desktop\ccwkrlib.dll (*** suspicious ***) @ C:\program files (x86)\avira\antivir desktop\ipmGui.exe [5700] 00000000736f0000
---- EOF - GMER 2.1 ----
|
| Themen zu PUP.crossfire.SA, PUP.funmoods |
| adobe, antivir, avira, bho, bonjour, converter, cs4/contributeieplugin.dll, desktop, error, firefox, flash player, format, helper, home, homepage, hängen, launch, logfile, mp3, plug-in, pup.crossfire.sa, pup.funmoods, realtek, registry, scan, senden, server, software, sprotection, temp, virus |
Baum-Darstellung