Pests of all kinds and their removal: email hacked, verified by BSI security test (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
email hacked, verified by BSI security test

Yesterday I read in the newspaper that in December over 16 million email addresses were cracked, and that you can check on the site hxxp://www.sicherheitstest.bsi.de whether yours is among them!! I did that, and about 30 min later I received this mail:

Dear Madam or Sir,

You have received this email because the email address webmaster@rxxxxxxe.de was entered and checked on the website www.sicherheitstest.bsi.de. The email address you provided, webmaster@ricoteube.de, was stored by criminal botnet operators together with the password of an online account linked to this email address. You may be using this account with a social network, an online shop, an email service, online banking or another Internet service.

So mine has been hacked as well!! I have already run a few scans.

OTL.txt:
```
OTL logfile created on: 19.01.2014 19:16:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rico\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 30,17% Memory free
8,00 Gb Paging File | 3,32 Gb Available in Paging File | 41,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 232,07 Gb Free Space | 49,84% Space Free | Partition Type: NTFS

Computer Name: RICO-PC | User Name: Rico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rico\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe ()
PRC - C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (Overwolf)
PRC - C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings\x64\BisonMnt.exe (ALi)
PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Rico\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Rico\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe ()
MOD - C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll ()
MOD - C:\Program Files (x86)\Overwolf\CoreAudioApi.dll ()
MOD - C:\Program Files (x86)\Overwolf\OWService.dll ()
MOD - C:\Program Files (x86)\Overwolf\OWExplorer-20125.dll ()
MOD - C:\Program Files (x86)\Overwolf\OWAgent.dll ()
MOD - C:\Program Files (x86)\Overwolf\OWLog.dll ()
MOD - C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll ()
MOD - C:\Program Files (x86)\Overwolf\OWServer.dll ()
MOD - C:\Programme\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\509f36ec564b9ad2bb2ffda3d4a3b5fc\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\8b5820f1ec9218f4d824680844cef0aa\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\35a6b66e089f9164215c96127a0c6276\System.AddIn.Contract.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\system\BisonCam.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswndisflt.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MirayVirtualDisk) -- C:\Windows\SysNative\drivers\mvd.sys (Miray)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\smserial.sys (Motorola Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\drivers\Si3531.sys (Silicon Image, Inc)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (cam) -- C:\Windows\SysNative\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cleanhlp) -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 B1 4F 2E 75 2C CE 01 [binary data]
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes,DefaultScope = {E50F5235-42F7-4645-A154-1273E9B07D79}
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{0E43910A-5DD5-4ED8-AE84-3F9F57E1BDCC}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=4a2cdd017bde441686a3bd96090f9767&tu=11J3y00Be1B0Ca0&sku=&tstsId=&ver=&&r=502
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{5F33918C-4091-439E-B1F9-657D6F60E62F}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{612DD442-8392-467E-99AE-68F0376E1CA9}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{E50F5235-42F7-4645-A154-1273E9B07D79}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{E7359880-4F31-44D2-B6B6-D806AC158565}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:7.5
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:3.0.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.12.28 10:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M]

[2013.05.26 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Extensions
[2014.01.17 20:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\3w7xw9pt.default\extensions
[2013.12.23 22:08:58 | 000,395,578 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\ffext_basicvideoext@startpage24.xpi
[2014.01.17 18:56:13 | 000,095,372 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\pluswinks@PlusWinks.xpi
[2013.08.14 12:28:12 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.11.03 19:44:48 | 000,022,189 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{4ffdbce8-e472-482b-9e41-f464737776a5}.xpi
[2013.06.26 15:24:23 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.12.21 22:00:06 | 000,152,142 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2014.01.17 19:04:24 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.11.02 12:30:32 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014.01.17 20:19:43 | 000,287,587 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.12.20 11:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.12.20 11:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.12.20 11:41:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.12.28 10:23:31 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - Extension: Session Manager = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Tampermonkey = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0\
CHR - Extension: avast! Online Security = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014.01.14 23:06:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PROMT) - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Display Cache] C:\ProgramData\Display Fusion Cache0\wtnwkloct.exe (The Privoxy team - www.privoxy.org)
O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
```
O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Internet-Suche - C:\Program Files (x86)\PRMT8\PRMTIE\search.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Seite übersetzen - C:\Program Files 
(x86)\PRMT8\PRMTIE\page.htm () O8:64bit: - Extra context menu item: Übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\translat.htm () O8:64bit: - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O8:64bit: - Extra context menu item: Unbekannte Wörter - C:\Program Files (x86)\PRMT8\PRMTIE\infopanel.htm () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Internet-Suche - C:\Program Files (x86)\PRMT8\PRMTIE\search.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\page.htm () O8 - Extra context menu item: Übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\translat.htm () O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O8 - Extra context menu item: Unbekannte Wörter - C:\Program Files (x86)\PRMT8\PRMTIE\infopanel.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll 
(Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O9 - Extra 'Tools' menuitem : Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie5.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49946C3B-AD92-4FDA-858E-16D0CD604277}: DhcpNameServer = 192.168.5.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64772372-55CF-409F-8706-2A36E2D4D2E6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe 
(Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.27 10:19:29 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.19 19:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2014.01.19 19:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2014.01.19 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2014.01.19 18:57:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Display Fusion Cache0 [2014.01.19 16:22:28 | 000,000,000 | ---D | C] -- C:\Windows\BisonCam [2014.01.19 16:20:15 | 000,742,312 | ---- | C] (Bison Electronics. Inc. ) -- C:\Windows\SysNative\drivers\BisonCam.sys [2014.01.19 16:20:15 | 000,226,304 | ---- | C] (Bison Inc.) 
-- C:\Windows\SysNative\BisonR64.dll [2014.01.19 16:20:15 | 000,180,224 | ---- | C] (Bison Inc.) -- C:\Windows\SysWow64\BisonRem.dll [2014.01.19 16:20:15 | 000,180,224 | ---- | C] (Bison Inc.) -- C:\Windows\SysNative\BisonRem.dll [2014.01.17 15:43:19 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014.01.17 15:42:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014.01.17 15:42:49 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014.01.17 15:42:49 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014.01.17 12:39:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\City Interactive [2014.01.17 12:37:37 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2014.01.17 12:37:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2014.01.17 12:37:37 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2014.01.17 12:37:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2014.01.17 12:37:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2014.01.17 12:37:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2014.01.17 12:37:27 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2014.01.17 12:37:27 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2014.01.17 12:37:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2014.01.17 12:37:25 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2014.01.17 12:37:23 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2014.01.17 12:37:23 | 000,022,360 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2014.01.17 12:37:19 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2014.01.17 12:37:19 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2014.01.17 12:37:19 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2014.01.17 12:37:19 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2014.01.17 12:37:14 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2014.01.17 12:37:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2014.01.17 12:36:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2014.01.17 12:36:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2014.01.17 12:36:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2014.01.17 12:36:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2014.01.17 12:36:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2014.01.17 12:36:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2014.01.17 12:36:42 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2014.01.17 12:36:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2014.01.17 12:36:42 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2014.01.17 12:36:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2014.01.17 12:36:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2014.01.17 12:36:40 | 000,177,672 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2014.01.17 12:36:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2014.01.17 12:36:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2014.01.17 12:36:34 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2014.01.17 12:36:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2014.01.17 12:36:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2014.01.17 12:36:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2014.01.17 12:36:22 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2014.01.17 12:36:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2014.01.17 12:36:14 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2014.01.17 12:36:14 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2014.01.17 12:36:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2014.01.17 12:36:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2014.01.17 12:35:59 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2014.01.17 12:35:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2014.01.17 12:35:55 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2014.01.17 12:35:55 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2014.01.17 12:35:55 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2014.01.17 12:35:55 | 000,462,864 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2014.01.17 12:35:51 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2014.01.17 12:35:51 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2014.01.17 12:35:49 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2014.01.17 12:35:49 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2014.01.17 12:35:44 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2014.01.17 12:35:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2014.01.17 12:35:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2014.01.17 12:35:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2014.01.17 12:35:37 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2014.01.17 12:35:37 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2014.01.17 12:35:35 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2014.01.17 12:35:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2014.01.17 12:35:30 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2014.01.17 12:35:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2014.01.17 12:35:27 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2014.01.17 12:35:27 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2014.01.17 12:35:20 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2014.01.17 12:35:20 | 003,727,720 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\d3dx9_35.dll [2014.01.17 12:35:13 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2014.01.17 12:35:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2014.01.17 12:35:13 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2014.01.17 12:35:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2014.01.17 12:34:56 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2014.01.17 12:34:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2014.01.17 12:34:56 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2014.01.17 12:34:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2014.01.17 12:34:50 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2014.01.17 12:34:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2014.01.17 12:34:48 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2014.01.17 12:34:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2014.01.17 12:34:43 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2014.01.17 12:34:43 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2014.01.17 12:34:41 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2014.01.17 12:34:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2014.01.17 12:34:40 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2014.01.17 12:34:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\D3DCompiler_33.dll [2014.01.17 12:34:36 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2014.01.17 12:34:36 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2014.01.17 12:34:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2014.01.17 12:34:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2014.01.17 12:34:31 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2014.01.17 12:34:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2014.01.17 12:34:29 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2014.01.17 12:34:29 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2014.01.17 12:34:23 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2014.01.17 12:34:23 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2014.01.17 12:34:19 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2014.01.17 12:34:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2014.01.17 12:34:19 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2014.01.17 12:34:19 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2014.01.17 12:34:07 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2014.01.17 12:34:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2014.01.17 12:34:01 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2014.01.17 12:34:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine2_3.dll [2014.01.17 12:33:59 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2014.01.17 12:33:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2014.01.17 12:33:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2014.01.17 12:33:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2014.01.17 12:33:52 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2014.01.17 12:33:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2014.01.17 12:33:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2014.01.17 12:33:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2014.01.17 12:33:34 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2014.01.17 12:33:34 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2014.01.17 12:33:32 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2014.01.17 12:33:32 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2014.01.17 12:33:32 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2014.01.17 12:33:32 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2014.01.17 12:33:29 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2014.01.17 12:33:29 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2014.01.17 12:33:26 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2014.01.17 12:33:26 | 002,323,664 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx9_28.dll [2014.01.17 12:33:23 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2014.01.17 12:33:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2014.01.17 12:33:21 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2014.01.17 12:33:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2014.01.17 12:33:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2014.01.17 12:33:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2014.01.17 12:33:14 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2014.01.17 12:33:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2014.01.17 12:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive [2014.01.17 10:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive [2014.01.15 02:28:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 02:28:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 02:28:02 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.14 23:39:10 | 000,256,904 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysWow64\drivers\tmcomm.sys [2014.01.14 23:06:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2014.01.14 22:46:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2014.01.10 13:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2014.01.10 13:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations [2014.01.02 10:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2014.01.02 10:23:53 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\HpUpdate [2014.01.02 10:23:44 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll [2014.01.02 10:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2014.01.02 10:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2014.01.02 10:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2014.01.02 10:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2014.01.02 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Local\HP [2013.12.28 10:23:38 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2013.12.27 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\NPL.15.0.02200 [2013.12.25 13:42:58 | 000,839,168 | ---- | C] (LaCourgette) -- C:\Users\Rico\Desktop\XVM_Updater.exe [2013.12.24 14:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2013.12.24 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2013.12.23 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Rico\.android [2013.12.23 13:31:16 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Local\cache [2013.12.23 13:13:25 | 000,000,000 | ---D | C] -- 
C:\ProgramData\CheckPoint
[2013.12.23 13:01:29 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\DigitalSites
[2013.12.21 21:05:57 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\logfiles
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.01.19 19:05:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.19 19:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.19 19:04:59 | 000,003,619 | ---- | M] () -- C:\Windows\KernelMessage
[2014.01.19 19:00:51 | 000,009,392 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140119_190047.reg
[2014.01.19 18:47:04 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.19 18:47:04 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.19 12:05:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.19 10:45:54 | 000,002,528 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140119_104549.reg
[2014.01.19 09:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.18 23:09:17 | 000,001,922 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
[2014.01.18 23:09:12 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014.01.18 23:08:03 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.17 12:29:42 | 000,002,132 | ---- | M] () -- C:\Users\Rico\Desktop\Wolfschanze II.lnk
[2014.01.17 11:19:35 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Control-Center.lnk
[2014.01.17 11:19:35 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Webmailer.lnk
[2014.01.17 11:19:35 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\1&1 EasyLogin.lnk
[2014.01.16 16:38:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.16 16:38:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.16 11:14:16 | 001,629,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.16 11:14:16 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.01.16 11:14:16 | 000,657,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.16 11:14:16 | 000,150,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.01.16 11:14:16 | 000,123,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.15 13:29:25 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.01.15 03:21:14 | 000,494,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.15 00:06:08 | 000,199,113 | ---- | M] () -- C:\Users\Rico\AppData\Local\census.cache
[2014.01.15 00:05:57 | 000,124,978 | ---- | M] () -- C:\Users\Rico\AppData\Local\ars.cache
[2014.01.14 23:35:11 | 000,000,036 | ---- | M] () -- C:\Users\Rico\AppData\Local\housecall.guid.cache
[2014.01.14 23:06:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.01.14 22:36:33 | 000,016,405 | ---- | M] () -- C:\Users\Rico\Documents\hijackthis14.01
[2014.01.12 09:39:54 | 000,001,000 | ---- | M] () -- C:\Users\Rico\Documents\MailShield.der
[2014.01.10 13:39:00 | 000,000,196 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133857.reg
[2014.01.10 13:38:37 | 000,012,518 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133827.reg
[2014.01.10 13:37:58 | 000,175,518 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133744.reg
[2014.01.10 13:31:08 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.10 13:08:58 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2014.01.09 12:26:54 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014.01.08 22:23:49 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014.01.07 15:10:42 | 000,226,431 | ---- | M] () -- C:\Users\Rico\Documents\kontoauszug 07.01.14
[2014.01.03 13:04:50 | 000,125,751 | ---- | M] () -- C:\Users\Rico\Documents\Kfz Steuern versicherung.xps
[2014.01.03 13:04:01 | 000,133,668 | ---- | M] () -- C:\Users\Rico\Documents\Fahrkosten 2.xps
[2014.01.03 13:03:32 | 000,129,810 | ---- | M] () -- C:\Users\Rico\Documents\Fahrkosten2012.xps
[2014.01.02 10:23:41 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2014.01.02 10:14:24 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.12.28 10:25:36 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013.12.28 10:25:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.12.28 10:24:15 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013.12.28 10:23:20 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.12.28 10:23:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.12.28 10:23:19 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.12.28 10:23:19 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.12.28 10:23:18 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.12.28 10:23:15 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.12.24 14:12:18 | 000,001,959 | ---- | M] () -- C:\Users\Rico\Desktop\Hex-Editor MX.lnk
[2013.12.24 13:32:10 | 000,001,133 | ---- | M] () -- C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk
[2013.12.24 04:46:24 | 000,839,168 | ---- | M] (LaCourgette) -- C:\Users\Rico\Desktop\XVM_Updater.exe
[2013.12.21 21:04:30 | 000,000,000 | ---- | M] () -- C:\Users\Rico\defogger_reenable
[2013.12.21 21:03:25 | 000,001,200 | ---- | M] () -- C:\Users\Rico\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
[2013.12.21 21:03:18 | 000,001,126 | ---- | M] () -- C:\Users\Rico\Desktop\FRST64 -.lnk
[2013.12.21 21:03:06 | 000,000,747 | ---- | M] () -- C:\Users\Rico\Desktop\Defogger - Verknüpfung.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.19 19:00:49 | 000,009,392 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140119_190047.reg
[2014.01.19 16:22:53 | 000,003,619 | ---- | C] () -- C:\Windows\KernelMessage
[2014.01.19 16:20:15 | 000,180,224 | ---- | C] () -- C:\Windows\System\StillDrv.dll
[2014.01.19 16:20:15 | 000,172,032 | ---- | C] () -- C:\Windows\System\BisonCam.dll
[2014.01.19 16:20:15 | 000,135,168 | ---- | C] () -- C:\Windows\System\BisonVfw.dll
[2014.01.19 16:20:15 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2014.01.19 16:20:15 | 000,013,448 | ---- | C] () -- C:\Windows\M2000Twn.src
[2014.01.19 16:20:15 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20H0220.csr
[2014.01.19 16:20:15 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20F0220.csr
[2014.01.19 10:45:52 | 000,002,528 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140119_104549.reg
[2014.01.17 12:29:42 | 000,002,132 | ---- | C] () -- C:\Users\Rico\Desktop\Wolfschanze II.lnk
[2014.01.17 11:19:35 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Webmailer.lnk
[2014.01.15 00:06:08 | 000,199,113 | ---- | C] () -- C:\Users\Rico\AppData\Local\census.cache
[2014.01.15 00:05:57 | 000,124,978 | ---- | C] () -- C:\Users\Rico\AppData\Local\ars.cache
[2014.01.14 23:35:11 | 000,000,036 | ---- | C] () -- C:\Users\Rico\AppData\Local\housecall.guid.cache
[2014.01.14 22:36:33 | 000,016,405 | ---- | C] () -- C:\Users\Rico\Documents\hijackthis14.01
[2014.01.10 13:38:59 | 000,000,196 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133857.reg
[2014.01.10 13:38:35 | 000,012,518 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133827.reg
[2014.01.10 13:37:48 | 000,175,518 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133744.reg
[2014.01.10 13:31:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.09 12:26:54 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014.01.07 15:10:40 | 000,226,431 | ---- | C] () -- C:\Users\Rico\Documents\kontoauszug 07.01.14
[2014.01.03 13:04:49 | 000,125,751 | ---- | C] () -- C:\Users\Rico\Documents\Kfz Steuern versicherung.xps
[2014.01.03 13:04:01 | 000,133,668 | ---- | C] () -- C:\Users\Rico\Documents\Fahrkosten 2.xps
[2014.01.03 13:03:32 | 000,129,810 | ---- | C] () -- C:\Users\Rico\Documents\Fahrkosten2012.xps
[2014.01.02 10:38:14 | 000,001,922 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
[2014.01.02 10:24:30 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2014.01.02 10:23:41 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2014.01.02 10:14:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.12.24 14:12:18 | 000,001,959 | ---- | C] () -- C:\Users\Rico\Desktop\Hex-Editor MX.lnk
[2013.12.24 13:32:10 | 000,001,133 | ---- | C] () -- C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk
[2013.12.23 13:18:53 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.12.23 13:18:53 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.12.23 13:18:51 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.12.23 13:18:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.12.23 13:18:38 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.12.23 13:18:37 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.12.21 21:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Rico\defogger_reenable
[2013.12.21 21:03:25 | 000,001,200 | ---- | C] () -- C:\Users\Rico\Desktop\gmer_2.1.19163 - Verknüpfung.lnk
[2013.12.21 21:03:18 | 000,001,126 | ---- | C] () -- C:\Users\Rico\Desktop\FRST64 -.lnk
[2013.12.21 21:03:06 | 000,000,747 | ---- | C] () -- C:\Users\Rico\Desktop\Defogger - Verknüpfung.lnk
[2013.12.12 17:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.11.27 23:02:58 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.10.18 13:35:39 | 000,011,491 | ---- | C] () -- C:\Windows\Studio7.ini
[2013.10.18 13:34:29 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2013.10.18 13:34:29 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2013.10.18 13:34:29 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\Mamc32d.dll
[2013.10.18 13:34:29 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2013.10.18 13:34:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2013.10.18 13:34:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2013.10.13 18:59:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.10.13 18:59:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.10.13 18:59:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.10.13 18:59:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.10.13 18:59:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.08.19 18:17:16 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe
[2013.07.27 12:07:13 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2013.07.27 12:06:48 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini
[2013.07.27 12:06:21 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL
[2013.07.27 12:06:21 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\lmmonres.dll
[2013.07.19 10:41:49 | 000,007,629 | ---- | C] () -- C:\Users\Rico\AppData\Local\Resmon.ResmonCfg
[2013.05.28 18:32:52 | 000,000,216 | ---- | C] () -- C:\Windows\ulead32.ini
[2013.05.25 10:03:59 | 001,603,652 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.03.21 15:29:42 | 000,207,928 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2013.03.21 15:29:42 | 000,138,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2013.03.21 15:29:42 | 000,074,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2013.03.21 15:29:40 | 000,319,032 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.06.08 13:10:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\7road
[2013.12.04 03:30:32 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\AVAST Software
[2013.05.25 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\CDXReader
[2013.12.23 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DigitalSites
[2013.08.12 21:00:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\GHISLER
[2013.06.07 22:02:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ImgBurn
[2013.05.27 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Keseling
[2013.12.23 13:16:39 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\LavFilters
[2013.11.24 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Lexware
[2013.06.13 14:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\multilizer
[2013.05.25 09:35:49 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\mypcdrivers
[2014.01.19 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\NetSpeedMonitor
[2013.11.03 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Opera Software
[2013.06.14 13:44:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Samsung
[2013.12.31 13:47:01 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TeamViewer
[2013.05.26 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Thunderbird
[2014.01.19 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TS3Client
[2013.12.04 12:35:37 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ulead Systems
[2013.05.31 14:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Wargaming.net

========== Purity Check ==========

< End of report >

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Rico :: RICO-PC [limited]

18.01.2014 20:43:42
mbam-log-2014-01-18 (20-43-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227492
Time elapsed: 27 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Defogger log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:42 on 18/01/2014 (Rico)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
__________________
Windows 10 Pro 64 bit, Opera 55.0, Vivaldi, FF, Thunderbird, ESET IS
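The OTL report above is a flat dump of `[timestamp | size | attributes | C/M] (company) -- path` entries, which is awkward to triage by eye. The following is an added example, not code from the original post, from OTL's author or from the forum: a small Python parser for that entry format, plus two triage heuristics a helper would typically apply first (executables under C:\Windows with an empty company field, and any change to the hosts file). The sample lines are copied from the log above; the heuristics, the extension list and the function names are my own assumptions and are not part of OTL.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file/folder entry looks like:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries ("---D") have no company field at all; file entries
# carry "()" when the binary has no company name in its version resource.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Section headers look like "========== Files - Modified Within 30 Days =========="
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Assumed heuristic parameters (not OTL's own): which extensions count as
# executable code and which directory prefix counts as "system".
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ax", ".ocx")
SYSTEM_PREFIX = "c:\\windows\\"


@dataclass
class OtlEntry:
    section: str
    timestamp: datetime
    size: int
    attrs: str
    kind: str                 # 'C' = created, 'M' = modified
    company: Optional[str]    # None for directories, '' for files with no company name
    path: str


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file/folder entries, tagging each with the section it appears in.
    Registry lines and other non-matching text (e.g. the ZeroAccess check) are skipped."""
    entries: List[OtlEntry] = []
    section = "(none)"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append(OtlEntry(
            section=section,
            timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),   # "000,180,224" -> 180224
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[OtlEntry]) -> List[str]:
    """Return findings worth a second look. These are heuristics, not verdicts:
    an unsigned binary in C:\\Windows may be a legitimate vendor tool or a leftover
    from a cleaning utility, and must still be checked by hash or signature."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.company == "" and p.startswith(SYSTEM_PREFIX) and p.endswith(EXEC_EXT):
            findings.append(f"no company name on system binary: {e.path} "
                            f"({e.kind} {e.timestamp:%Y-%m-%d})")
        if p.endswith(("\\drivers\\etc\\hosts", "\\drivers\\etc\\hosts.ics")):
            findings.append(f"hosts file touched: {e.path} ({e.size} bytes, {e.timestamp:%Y-%m-%d})")
    return findings


# Sample input: lines copied from the OTL log above (a constructed excerpt, not the full report).
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2014.01.14 23:06:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.01.08 22:23:49 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014.01.16 16:38:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.24 14:12:18 | 000,001,959 | ---- | M] () -- C:\Users\Rico\Desktop\Hex-Editor MX.lnk
========== Files Created - No Company Name ==========
[2014.01.19 16:20:15 | 000,180,224 | ---- | C] () -- C:\Windows\System\StillDrv.dll
[2013.10.13 18:59:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
========== LOP Check ==========
[2013.12.23 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DigitalSites
"""

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE)
    print(f"{len(parsed)} entries parsed")
    for line in triage(parsed):
        print(" -", line)
```

Run as a script it parses the excerpt and prints the three flagged items (the hosts file and the two unsigned binaries under C:\Windows); the Avast driver and Flash binary carry a company name and are not flagged, and the LOP-check directory is parsed with `company=None`. To use it on a full report, read the OTL.txt into `text` and pass it to `parse_otl`.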