
Log Analysis and Evaluation: Keylogger, Important//Valuable Files

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
20.03.2014, 18:45   #1
Yef
 
Keylogger, Important//Valuable Files



Hello, I have a keylogger on my PC.
How I know this:
- A friend calls me at around 4 in the morning and says: "Are you playing WoW again?" (You can imagine my reaction.)
My Battle.net password was changed (I am going to call support today, etc.)

I deleted a lot of folders, around 200-300 gigabytes, and ran OTL over the system.
The log:
OTL logfile created on: 20.03.2014 18:25:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RedWidow\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,54 Gb Available Physical Memory | 84,73% Memory free
31,96 Gb Paging File | 28,90 Gb Available in Paging File | 90,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 656,18 Gb Free Space | 70,45% Space Free | Partition Type: NTFS

Computer Name: REDWIDOW-PC | User Name: RedWidow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.03.20 18:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RedWidow\Desktop\Downloads\otl.exe
PRC - [2014.02.26 19:57:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014.02.15 15:35:41 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014.02.14 18:31:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.01.09 14:03:15 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\RedWidow\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.12.25 21:11:57 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.10.15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.09.20 10:57:28 | 006,214,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2013.09.20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2013.09.13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.08.30 08:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.08.30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.08.01 20:53:22 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013.07.25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.07.05 06:22:36 | 000,327,432 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
PRC - [2013.07.05 06:22:34 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
PRC - [2013.06.05 01:02:10 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\RedWidow\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.01.22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.07 12:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.14 18:31:23 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.08.23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2009.07.30 13:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2014.03.01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.08.30 23:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.08.30 18:46:48 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.03.12 14:54:25 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.26 19:57:32 | 002,224,976 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.02.26 09:50:04 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014.02.14 18:31:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.25 21:11:57 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.11.25 21:00:59 | 004,979,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.08 15:47:47 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.08.30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.07.05 06:22:36 | 000,327,432 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe -- (CyberLink PowerDVD 13 Media Server Service)
SRV - [2013.07.05 06:22:34 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe -- (CyberLink PowerDVD 13 Media Server Monitor Service)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.02.27 12:15:44 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.11.29 17:39:19 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.08.31 01:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.08.30 23:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.08.30 08:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.08.30 08:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.08.30 08:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.08.30 08:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.08.30 08:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.08.30 08:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.08.30 08:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.08.30 08:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.08.20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.08.20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.07.05 09:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.06.21 02:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.05.30 16:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013.04.15 19:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013.04.15 19:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2013.02.12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.17 11:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.24 01:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 01:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.19 13:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 02:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.31 04:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.07.05 23:48:36 | 000,130,320 | ---- | M] (CyberLink Corp.) [2013/10/08 18:03:15] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl -- ({09F57980-3432-4AFC-957D-27AC45FAE1F5})
DRV - [2012.11.20 12:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ [binary data]
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\SearchScopes\{46244704-D10A-4418-80AC-0799FB662C58}: "URL" = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ac80fcae000000000000f46d04005e8c&r=132
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\SearchScopes\{FF1171C3-1834-4EDA-B649-BEDF427DB99A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN86581855170247403&UM=4&SSPV=IE_NO_DUM_G_2
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2172666858-744790929-553880742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..CT1561552.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-79a62ec00b324436\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.10.08 15:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.10.01 13:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Extensions
[2014.03.16 14:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profiles\x7ow81t1.default\extensions
[2013.10.29 16:15:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profiles\x7ow81t1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.03.08 13:33:21 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profiles\x7ow81t1.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2014.03.10 15:18:49 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profiles\x7ow81t1.default\extensions\artur.dubovoy@gmail.com
[2013.11.29 17:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profilesx7ow81t1.default\extensions
[2013.11.29 17:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\Firefox\Profilesx7ow81t1.default\extensions\staged
[2014.01.31 17:03:06 | 000,007,926 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\5@thumbpro.net.xpi
[2013.12.24 13:50:10 | 000,395,578 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\ffext_basicvideoext@startpage24.xpi
[2014.03.09 16:49:35 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\info@youtube-mp3.org.xpi
[2014.03.09 16:50:08 | 000,019,335 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\info@youtubespace.de.xpi
[2014.01.31 17:00:59 | 000,169,495 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi
[2014.02.26 19:28:37 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.02.14 16:59:07 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.10.26 18:07:16 | 000,002,544 | ---- | M] () -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\searchplugins\ask-search.xml
[2014.03.08 13:40:13 | 000,001,102 | ---- | M] () -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\searchplugins\hotspot-shield-customized-web-search.xml
[2013.11.02 18:09:35 | 000,001,434 | ---- | M] () -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\searchplugins\softonic.xml
[2013.12.16 14:10:53 | 000,001,087 | ---- | M] () -- C:\Users\RedWidow\AppData\Roaming\mozilla\firefox\profiles\x7ow81t1.default\searchplugins\webwebweb.xml
[2014.03.16 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014.03.16 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.02.14 18:31:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: chrome://newtab
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\RedWidow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found.
O3 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [Akamai NetSession Interface] C:\Users\RedWidow\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [BackgroundContainer] C:\Users\RedWidow\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [Spotify] C:\Users\RedWidow\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [Spotify Web Helper] C:\Users\RedWidow\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2172666858-744790929-553880742-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2172666858-744790929-553880742-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90F38350-023C-449B-A58D-714D6191461B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2014.03.20 18:20:21 | 000,000,000 | -H-D | C] -- C:\vthumb
[2014.03.20 18:20:21 | 000,000,000 | ---D | C] -- C:\ResBuffer
[2014.03.20 18:20:21 | 000,000,000 | ---D | C] -- C:\PlaytoAlbumArt
[2014.03.20 18:20:21 | 000,000,000 | ---D | C] -- C:\MOInfoBuffer
[2014.03.20 18:20:21 | 000,000,000 | ---D | C] -- C:\M3U8Buffer
[2014.03.20 18:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014.03.20 18:18:28 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014.03.20 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.03.20 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.03.20 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\Desktop\try
[2014.03.20 15:22:54 | 000,000,000 | ---D | C] -- C:\test
[2014.03.19 18:50:49 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\AppData\Local\Blizzard
[2014.03.19 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\AppData\Local\Blizzard Entertainment
[2014.03.19 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\AppData\Local\Battle.net
[2014.03.19 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014.03.15 20:33:17 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\Desktop\costum
[2014.03.15 15:08:50 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\AppData\Local\Roblox
[2014.03.15 15:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Roblox
[2014.03.15 15:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roblox
[2014.03.15 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\Documents\Arma 3 - Other Profiles
[2014.03.15 07:53:00 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\Documents\Arma 3
[2014.03.15 07:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2014.03.15 07:52:59 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\AppData\Local\Arma 3
[2014.03.14 20:44:06 | 000,000,000 | ---D | C] -- C:\Users\RedWidow\Desktop\Arma 3
[2014.03.14 14:11:42 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014.03.14 14:11:41 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014.03.14 14:11:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.03.14 14:11:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.03.14 14:11:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.03.14 14:11:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.03.14 14:11:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.03.14 14:11:36 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.03.14 14:11:36 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.03.14 14:11:36 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.03.14 14:11:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.03.14 14:11:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.03.14 14:11:35 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.03.14 14:11:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.03.14 14:11:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.03.14 14:11:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.03.14 14:11:34 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.03.14 14:11:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.03.14 14:11:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.03.14 14:11:33 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.03.14 14:11:33 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.03.14 14:11:33 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.03.14 14:11:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.03.14 14:11:32 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.03.14 14:11:32 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.03.14 14:11:32 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.03.14 14:09:21 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014.03.14 14:09:21 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014.03.14 14:09:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.03.20 18:27:13 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.20 18:27:13 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.20 18:21:02 | 000,000,148 | ---- | M] () -- C:\CLMSServer.ini
[2014.03.20 18:20:49 | 000,000,930 | ---- | M] () -- C:\CLMediaServer.ini
[2014.03.20 18:20:39 | 000,021,504 | ---- | M] () -- C:\MediaServer.db
[2014.03.20 18:20:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.20 18:20:23 | 000,005,528 | ---- | M] () -- C:\MS_StateVariable.ini
[2014.03.20 18:20:17 | 000,000,029 | ---- | M] () -- C:\GeneralInfo.ini
[2014.03.20 18:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.20 18:19:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014.03.20 18:19:46 | 4280,897,534 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.20 18:18:41 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.03.20 18:18:41 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.03.20 18:18:41 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.03.20 18:18:30 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.03.20 17:54:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.20 17:48:36 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.20 17:06:27 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.03.20 17:06:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014.03.18 19:52:47 | 000,001,272 | ---- | M] () -- C:\Users\RedWidow\Desktop\Snipping Tool.lnk
[2014.03.16 17:09:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\TASKLIST
[2014.03.16 07:51:41 | 000,000,222 | ---- | M] () -- C:\Users\RedWidow\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2014.03.15 20:52:24 | 000,000,056 | ---- | M] () -- C:\Windows\SysWow64\root.dat
[2014.03.15 20:45:58 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.03.15 20:40:36 | 000,000,178 | ---- | M] () -- C:\Users\RedWidow\Desktop\Skin Installer Ultimate.url
[2014.03.15 15:07:13 | 000,001,354 | ---- | M] () -- C:\Users\RedWidow\Desktop\ROBLOX Player.lnk
[2014.03.15 15:07:13 | 000,001,173 | ---- | M] () -- C:\Users\RedWidow\Desktop\ROBLOX Studio 2013.lnk
[2014.03.15 07:43:25 | 000,000,986 | ---- | M] () -- C:\Users\RedWidow\Desktop\Badministrator - League of Ladies (prod. Thomas Prime) - YouTube.lnk
[2014.03.15 03:20:10 | 000,416,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.03.14 20:44:07 | 000,000,222 | ---- | M] () -- C:\Users\RedWidow\Desktop\Arma 3.url
[2014.03.14 20:40:51 | 000,000,222 | ---- | M] () -- C:\Users\RedWidow\Desktop\Call of Duty Black Ops II.url
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.03.20 18:20:24 | 000,021,504 | ---- | C] () -- C:\MediaServer.db
[2014.03.20 18:20:23 | 000,005,528 | ---- | C] () -- C:\MS_StateVariable.ini
[2014.03.20 18:20:17 | 000,001,735 | ---- | C] () -- C:\PCMMediaServer.ini
[2014.03.20 18:20:17 | 000,000,930 | ---- | C] () -- C:\CLMediaServer.ini
[2014.03.20 18:20:17 | 000,000,452 | ---- | C] () -- C:\EncodingProfile.ini
[2014.03.20 18:20:17 | 000,000,148 | ---- | C] () -- C:\CLMSServer.ini
[2014.03.20 18:20:17 | 000,000,029 | ---- | C] () -- C:\GeneralInfo.ini
[2014.03.20 18:18:41 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.03.20 18:18:41 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.03.20 18:18:41 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.03.20 18:18:30 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014.03.20 18:18:30 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.03.20 17:06:27 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.03.18 19:52:47 | 000,001,272 | ---- | C] () -- C:\Users\RedWidow\Desktop\Snipping Tool.lnk
[2014.03.16 17:09:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\TASKLIST
[2014.03.16 07:51:41 | 000,000,222 | ---- | C] () -- C:\Users\RedWidow\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2014.03.15 20:51:20 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\root.dat
[2014.03.15 20:40:36 | 000,000,178 | ---- | C] () -- C:\Users\RedWidow\Desktop\Skin Installer Ultimate.url
[2014.03.15 15:07:11 | 000,001,354 | ---- | C] () -- C:\Users\RedWidow\Desktop\ROBLOX Player.lnk
[2014.03.15 15:05:17 | 000,001,173 | ---- | C] () -- C:\Users\RedWidow\Desktop\ROBLOX Studio 2013.lnk
[2014.03.14 20:44:07 | 000,000,222 | ---- | C] () -- C:\Users\RedWidow\Desktop\Arma 3.url
[2014.03.14 20:40:51 | 000,000,222 | ---- | C] () -- C:\Users\RedWidow\Desktop\Call of Duty Black Ops II.url
[2014.02.28 18:50:50 | 000,000,930 | ---- | C] () -- C:\Users\RedWidow\AppData\Local\_settings.ini
[2014.02.14 15:32:28 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2014.01.02 19:18:18 | 000,007,602 | ---- | C] () -- C:\Users\RedWidow\AppData\Local\Resmon.ResmonCfg
[2013.10.26 21:32:02 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.26 21:32:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.10.23 19:16:29 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2013.10.22 20:01:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2013.10.08 15:47:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013.10.01 15:24:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.10.01 15:17:02 | 001,592,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.01 08:57:59 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2013.10.01 08:57:59 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2013.10.01 08:57:59 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2013.10.01 08:57:58 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.10.01 08:57:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.10.01 08:53:54 | 000,046,986 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.10.01 08:53:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.10.01 08:53:33 | 000,033,927 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.08.31 00:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.08.31 00:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.08.31 00:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.08.31 00:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.08.30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >




My problem: do I still have the keylogger on it? Spybot etc. say no; I don't want to log in to my LoL account, since it is worth about 1200 euros.
Have a good evening!

 
