| Bill0815 | 15.06.2012 17:03 |
Windows Verschlüsselungs Trojaner
Hallo liebe Forengemeinde,
auch ich habe ihn mir eingefangen. Keine Ahnung wie, da ich verdächtige Anhänge NIE öffne bzw. unbekannte Email-Abesender direkt lösche. Ich wäre dankbar wenn ihr mir helfen könnt den Trojaner wieder zu entfernen.
Mein Betriebssystem: Windows 7
Hier meine otl.txt: hxxp://www.file-upload.net/download-4445678/OTL.Txt.html Code:
OTL logfile created on: 6/14/2012 10:38:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 12262 12262 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.63 Gb Total Space | 4.02 Gb Free Space | 6.74% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 744.04 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
Drive E: | 372.61 Gb Total Space | 96.11 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 0.30 Gb Free Space | 16.35% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/07 08:44:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/28 13:45:16 | 000,075,136 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/14 20:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/05 06:44:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 09:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/03 06:23:52 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/07 19:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/12/17 10:38:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/17 10:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/03/01 15:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 04:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/25 13:11:25 | 000,088,480 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/04/25 13:11:25 | 000,046,400 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 09:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 05:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/17 18:47:51 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/08 00:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 00:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 00:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 00:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/11/28 13:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/10/15 06:48:08 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/05/13 09:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/09 23:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/08 01:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/02/08 01:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/25 22:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/08/21 04:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2012/02/07 19:12:02 | 000,161,432 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Silvio_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\Silvio_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Silvio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Silvio_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_235.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 08:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 08:44:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/16 15:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Extensions
[2011/12/16 12:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\06hbklws.default\extensions
[2012/05/21 11:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\4l2cf65y.Silvio\extensions
[2011/12/16 12:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\7l2ohprv.default\extensions
[2011/12/16 12:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\aw2puda9.default\extensions
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] ("SwitchProxy Tool") -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (NetMoms Toolbar) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{3f132697-ce74-40c0-affd-03e77f089a56}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] ("gTranslate [de]") -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Fasterfox [de]) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Mozilla XForms) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (DownThemAll! [de]) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\firebug@software.joehewitt.com
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\moveplayer@movenetworks.com
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\tabkit@jomel.me.uk
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] (Tabs Open Relative) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\tabsopenrelative@jomel.me.uk
[2011/12/16 12:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\temp
[2011/12/16 15:02:03 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\lxhsob26.default\extensions\videodowloader@videodownloader.net
[2011/12/16 12:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\o459c9yh.default\extensions
[2011/12/16 12:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\r9cpksud.default\extensions
[2011/12/16 12:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\xbf0aybd.default\extensions
[2011/12/16 12:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvio\AppData\Roaming\Mozilla\Firefox\Profiles\zf0jir2j.default\extensions
[2012/01/08 06:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/07 08:44:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/08 06:56:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/08 06:56:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/08 06:56:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/08 06:56:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/08 06:56:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/08 06:56:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/09/26 11:50:26 | 000,002,177 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 14 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Programme\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Silvio_ON_C..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Silvio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\System32\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{55ab961b-2901-11e1-9da0-50e549531b93}\Shell - "" = AutoRun
O33 - MountPoints2\{55ab961b-2901-11e1-9da0-50e549531b93}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6d376ca2-2813-11e1-9599-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d376ca2-2813-11e1-9599-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/06/14 13:35:37 | 000,000,000 | ---D | C] -- C:\Users\Silvio\AppData\Roaming\Malwarebytes
[2012/06/14 13:35:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/14 13:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/14 13:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 13:35:03 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Silvio\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/14 12:32:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/06/14 12:32:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 12:32:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 12:32:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 12:32:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 12:32:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 12:32:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 12:32:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 12:32:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 12:32:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 12:32:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 12:32:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/06/14 12:32:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/14 12:32:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 11:28:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 11:28:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 11:28:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/14 11:28:30 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/14 11:28:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 11:28:29 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/11 14:38:31 | 000,000,000 | ---D | C] -- C:\Users\Silvio\AppData\Roaming\Ukwpflqp
[2012/06/10 13:34:06 | 000,000,000 | ---D | C] -- C:\Users\Silvio\Documents\Assassin's Creed Revelations
[2012/05/28 13:45:15 | 000,000,000 | ---D | C] -- C:\Users\Silvio\AppData\Roaming\PunkBuster
[2012/05/22 13:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/22 13:39:02 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv64.dll
[2012/05/22 13:39:02 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/05/22 13:39:02 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/22 13:39:02 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dumx.dll
[2012/05/22 13:39:02 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/22 13:39:02 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/05/22 13:39:02 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/05/22 13:39:02 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/22 13:39:02 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/05/22 13:39:02 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/05/22 13:39:02 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/22 13:39:02 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/22 13:39:02 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/22 13:39:02 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/05/22 13:39:02 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2012/05/22 13:39:02 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/05/22 13:39:02 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinitx.dll
[2012/05/22 13:39:02 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/05/22 13:39:02 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda64v.sys
[2012/05/22 13:39:02 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap64.dll
[2012/05/22 13:38:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
========== Files - Modified Within 30 Days ==========
[2012/06/14 14:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 14:01:24 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/14 14:01:24 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 14:01:24 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/14 14:01:24 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 13:54:25 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 13:35:33 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 13:26:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Silvio\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/14 13:20:44 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 13:20:44 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 12:39:49 | 000,293,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/10 12:34:44 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/06/10 05:26:39 | 000,543,861 | ---- | M] () -- C:\Users\Silvio\Desktop\Programmflyer_NGT2012_neu_27 Kopie .pdf
[2012/05/28 13:45:18 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/28 13:45:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/25 11:27:37 | 000,001,021 | ---- | M] () -- C:\Users\Silvio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/25 11:27:34 | 000,000,991 | ---- | M] () -- C:\Users\Silvio\Desktop\Dropbox.lnk
[2012/05/22 13:43:53 | 000,003,794 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/05/22 13:40:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/17 22:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 21:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 21:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 21:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 21:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/05/17 21:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/05/17 21:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/17 18:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/05/17 18:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/17 18:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
========== Files Created - No Company Name ==========
[2012/06/14 13:35:33 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 05:26:38 | 000,543,861 | ---- | C] () -- C:\Users\Silvio\Desktop\Programmflyer_NGT2012_neu_27 Kopie .pdf
[2012/05/28 13:45:17 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/28 13:45:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/15 13:50:35 | 000,003,584 | ---- | C] () -- C:\Users\Silvio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 20:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/11 16:38:10 | 000,003,794 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/02/22 15:46:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/02/22 15:46:13 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/22 15:46:13 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/22 15:46:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/05 16:05:46 | 000,007,606 | ---- | C] () -- C:\Users\Silvio\AppData\Local\Resmon.ResmonCfg
[2011/12/23 15:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 15:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 15:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 15:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 15:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/17 13:04:00 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/12/17 10:55:59 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/12/17 10:55:59 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/12/17 10:55:20 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/17 10:54:55 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/12/17 10:46:23 | 000,000,080 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/11/23 09:52:09 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/23 09:52:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/23 09:52:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/23 09:52:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/11/23 09:52:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/23 09:50:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/04/27 09:21:44 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/08/27 03:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/04/21 05:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
========== LOP Check ==========
[2012/05/09 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Antares Design
[2012/06/14 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Avoger
[2011/12/17 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\DisplayFusion
[2012/06/11 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Dropbox
[2012/02/21 14:39:33 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Leadertech
[2012/02/17 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Lexware
[2011/12/19 15:31:48 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\OpenOffice.org
[2012/03/11 16:45:19 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Origin
[2012/05/28 13:45:15 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\PunkBuster
[2012/01/14 10:11:32 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Samsung
[2012/05/15 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Temp
[2012/05/14 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Ubisoft
[2012/06/14 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Udxuod
[2012/06/11 14:38:31 | 000,000,000 | ---D | M] -- C:\Users\Silvio\AppData\Roaming\Ukwpflqp
[2011/12/16 14:35:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/12/16 18:12:31 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/12/16 14:35:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/03/12 06:20:36 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/03/17 09:12:27 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2012/03/12 06:20:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/12/16 14:35:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/02/17 11:30:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2012/03/12 06:15:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2012/01/14 10:10:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2011/12/16 18:52:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/12/16 14:35:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/04/25 13:13:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/16 16:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\TP-LINK
[2012/06/10 13:34:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2011/12/16 14:35:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/21 16:02:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/01 12:22:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
Was kann ich tun? :dummguck:
Viele Grüße, Bill |
