Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: 100 Euro Trojan (msconfig.dat to blame?) (https://www.trojaner-board.de/120367-100-euro-trojaner-msconfig-dat-schuldig.html)

mschorsch 25.07.2012 13:57

100 Euro Trojan (msconfig.dat to blame?)

Hey folks, I was surfing the web today, suspecting nothing, when suddenly a popup appeared and simply blocked my computer... Apparently because I had supposedly viewed child pornography and illegal content, which is complete nonsense. Now I'm supposed to transfer 100€ to a "STAATSKONTO" (state account)...
The question is: how do I get the Trojan off my computer? I've already managed to end the process once, but not completely... Can anyone help me? The log file follows.

OTL logfile created on: 25.07.2012 14:44:34 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\T***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,25% Memory free
7,99 Gb Paging File | 5,79 Gb Available in Paging File | 72,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236,27 Gb Total Space | 34,84 Gb Free Space | 14,75% Space Free | Partition Type: NTFS
Drive D: | 695,24 Gb Total Space | 321,11 Gb Free Space | 46,19% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: T*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.25 14:43:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\T***\Desktop\OTL.exe
PRC - [2012.07.12 19:16:10 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.06.17 14:43:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 20:33:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:33:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:33:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012.01.26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.14 03:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
PRC - [2009.06.05 09:28:49 | 004,833,792 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe
PRC - [2009.05.19 16:22:14 | 000,361,472 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\RapooV1Process.exe
PRC - [2009.05.18 04:37:12 | 000,354,816 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe
PRC - [2008.10.21 14:53:44 | 001,650,688 | ---- | M] (Conrad Technology, Corp.) -- C:\Program Files (x86)\Conrad\Common\RaUI.exe
PRC - [2008.05.29 19:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Trust\GXT14 Mouse\StartAutorun.exe
PRC - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Conrad\Common\RalinkRegistryWriter.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.25 08:37:15 | 000,130,616 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\13001.029\components\AcroFF029.dll
MOD - [2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
MOD - [2012.07.12 19:16:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.06.17 14:43:47 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.06.05 09:28:49 | 004,833,792 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe
MOD - [2009.03.02 06:45:58 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\MouseHook.dll
MOD - [2007.03.29 06:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Trust\GXT14 Mouse\keydll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.01.17 20:03:54 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.12 19:16:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.29 23:24:28 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.17 14:43:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:33:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:33:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.03 20:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2010.04.03 20:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2010.04.03 20:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.04.03 12:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.18 04:37:12 | 000,354,816 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe -- (KmGameMouseServiceV1)
SRV - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Conrad\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 20:33:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:33:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 19:28:48 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.17 20:04:19 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.17 20:03:52 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.01.17 20:03:52 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.12.25 13:37:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.12.17 13:51:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.07 15:02:29 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.09.07 15:02:29 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.09.07 15:02:29 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.09.07 15:02:29 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.07.23 15:21:28 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.07.01 11:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.06.23 18:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.24 20:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.04.27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.04.03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010.03.10 04:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 06:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 12:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2009.12.21 21:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009.07.17 19:24:22 | 000,460,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt73.sys -- (RT73)
DRV:64bit: - [2009.07.17 01:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 12:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 17:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.08 15:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.03 17:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.05.22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.26 18:17:58 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2008.02.20 17:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 17:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 17:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2008.02.18 16:57:38 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66022
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14947
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 05 F6 47 31 6A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {75681723-E244-412E-A0B1-FEA11206B46C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AS-2&o=14944&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=RR&apn_dtid=YYYYYYYYDE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66022
IE - HKCU\..\SearchScopes\{4E94ADB6-83AA-4C4D-B44D-F6D09BB023A6}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{75681723-E244-412E-A0B1-FEA11206B46C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{75DA268F-DB04-4473-88C0-4183516C6FCB}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A2F3E7AC-D763-4F27-BC02-B9E9B5BD3C8A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
IE - HKCU\..\SearchScopes\{B1AB8012-A51A-484A-8B0E-C3ACAE4DDE94}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AS-2&o=14944&locale=de_DE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_ptnrs=RR&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Timo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "184.22.134.46"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011.11.03 18:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.17 18:27:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Timo\AppData\Roaming\13001.029 [2012.07.25 08:37:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:43:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.17 18:27:37 | 000,000,000 | ---D | M]

[2011.01.14 22:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2012.07.12 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions
[2012.06.28 16:50:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.16 23:02:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.17 20:54:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\battlefieldplay4free@ea.com
[2011.01.24 20:34:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\engine@conduit.com
[2012.05.17 18:16:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\ich@maltegoetz.de
[2012.02.04 13:26:15 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\toolbar@ask.com
[2012.04.06 16:37:35 | 000,002,401 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\askcom.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\conduit.xml
[2012.07.21 19:27:50 | 000,001,056 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\nkdr3w73.default\searchplugins\icqplugin.xml
[2012.06.17 14:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TIMO\APPDATA\ROAMING\13001.029
[2012.06.17 14:43:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 14:43:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 14:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 14:43:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.07 22:11:29 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.06.17 14:43:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 14:43:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 14:43:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_15_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [trustGTX14] C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CE8SIIFGSU] C:\Users\Timo\AppData\Local\Temp\Cbe.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [renovator] C:\Users\Timo\AppData\Roaming\Sun\{D6D7B47B-F5BE-4EBF-9AF4-CC26815841E4}\renovator.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [System] C:\Users\Timo\AppData\Roaming\system.exe File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Timo\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76BB1AD4-11AE-40A2-9B6F-9EAF9F0288ED}: DhcpNameServer = 82.212.62.62 78.42.43.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDA532FB-68AE-4CFC-8E2C-372D7266FB2B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\msconfig.dat) - C:\Users\Timo\AppData\Roaming\msconfig.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell\AutoRun\command - "" = J:\CMADownloader.exe
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell\AutoRun\command - "" = M:\MI.exe
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell\AutoRun\command - "" = N:\Autorun.exe
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell\AutoRun\command - "" = K:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 14:43:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.07.25 08:37:15 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.029
[2012.07.23 21:33:43 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Minecraft Server
[2012.07.23 13:23:27 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\UAs
[2012.07.22 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\Free Template - 3D Room in Sony Vegas Pro 8.0
[2012.07.22 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.028
[2012.07.22 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\xmldm
[2012.07.22 21:04:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\kock
[2012.07.22 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Deshaker
[2012.07.15 02:49:52 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\ABBA
[2012.07.13 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\London 12
[2012.07.12 23:37:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 23:37:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 23:37:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 23:37:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 23:37:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 23:37:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 23:37:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 23:37:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 23:37:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 23:37:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 23:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 23:37:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 23:37:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:43:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.08 21:27:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\Desktop\BK
[2012.07.08 15:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.07.08 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Paint.NET
[2012.06.30 20:58:03 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.06.29 13:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.29 13:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.07.01 22:27:05 | 000,040,445 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files (x86)\uninstall.exe
[2011.01.19 09:51:32 | 000,076,464 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2011.01.19 09:51:28 | 002,538,672 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2011.01.19 09:49:02 | 000,163,840 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2010.12.02 10:08:12 | 000,253,104 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2010.12.02 10:08:12 | 000,197,808 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Timo\Desktop\*.tmp files -> C:\Users\Timo\Desktop\*.tmp -> ]
[1 C:\Users\Timo\AppData\Roaming\*.tmp files -> C:\Users\Timo\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.25 14:43:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.07.25 14:42:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:42:14 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 14:38:00 | 000,000,034 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\blckdom.res
[2012.07.25 14:37:46 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 14:37:35 | 000,000,045 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.ini
[2012.07.25 14:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 14:33:46 | 3219,775,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 14:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 14:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 08:58:29 | 001,842,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 08:58:29 | 000,780,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.25 08:58:29 | 000,731,790 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 08:58:29 | 000,181,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.25 08:58:29 | 000,152,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 18:49:05 | 000,268,944 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.23 21:26:50 | 003,879,116 | ---- | M] () -- C:\Users\Timo\Desktop\P1030176.JPG
[2012.07.22 18:43:56 | 000,796,962 | ---- | M] () -- C:\Users\Timo\Desktop\Gray Comb Texture.jpg
[2012.07.22 12:20:43 | 000,831,248 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfk
[2012.07.22 12:20:34 | 561,948,898 | ---- | M] () -- C:\Users\Timo\Documents\London 2012 - Der Film.mp4
[2012.07.22 12:20:34 | 561,948,898 | ---- | M] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.mp4
[2012.07.22 12:20:34 | 430,165,664 | ---- | M] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.avi
[2012.07.22 11:42:53 | 106,391,384 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfap0
[2012.07.22 11:22:02 | 404,640,769 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part2.wmv
[2012.07.22 03:35:06 | 000,461,928 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfk
[2012.07.22 03:33:31 | 059,118,488 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfap0
[2012.07.22 03:27:16 | 323,631,397 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Part1.wmv
[2012.07.22 02:51:26 | 000,461,984 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Remake.mp4.sfk
[2012.07.22 02:51:24 | 014,981,553 | ---- | M] () -- C:\Users\Timo\Documents\Ohne Titel.wmv
[2012.07.22 02:30:36 | 315,984,214 | ---- | M] () -- C:\Users\Timo\Documents\London 12 Remake.mp4
[2012.07.22 02:02:18 | 316,037,570 | ---- | M] () -- C:\Users\Timo\Documents\London 12.mp4
[2012.07.21 22:36:26 | 064,184,079 | ---- | M] () -- C:\Users\Timo\Documents\Ohne Titel.mp4
[2012.07.13 13:14:27 | 003,145,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 19:16:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 19:16:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.10 14:22:44 | 000,009,728 | ---- | M] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 15:39:19 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.07.06 16:33:47 | 084,492,779 | ---- | M] () -- C:\Users\Timo\Documents\Tiesto Bitches.mp4
[2012.06.30 20:58:05 | 000,001,262 | ---- | M] () -- C:\Users\Timo\Desktop\Free YouTube Download.lnk
[2012.06.30 14:57:27 | 106,041,645 | ---- | M] () -- C:\Users\Timo\Desktop\candles.rar
[2012.06.29 23:33:48 | 000,000,222 | ---- | M] () -- C:\Users\Timo\Desktop\Spec Ops The Line Demo.url
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Timo\Desktop\*.tmp files -> C:\Users\Timo\Desktop\*.tmp -> ]
[1 C:\Users\Timo\AppData\Roaming\*.tmp files -> C:\Users\Timo\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.25 13:07:19 | 000,000,045 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.ini
[2012.07.25 08:38:21 | 561,948,898 | ---- | C] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.mp4
[2012.07.25 08:38:21 | 430,165,664 | ---- | C] () -- C:\Users\Timo\Desktop\London 2012 - Der Film.avi
[2012.07.24 18:49:05 | 000,268,944 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\AcroIEHelpe174.dll
[2012.07.24 18:49:05 | 000,006,400 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
[2012.07.22 21:13:53 | 000,000,034 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\blckdom.res
[2012.07.22 18:43:42 | 000,796,962 | ---- | C] () -- C:\Users\Timo\Desktop\Gray Comb Texture.jpg
[2012.07.22 11:50:25 | 561,948,898 | ---- | C] () -- C:\Users\Timo\Documents\London 2012 - Der Film.mp4
[2012.07.22 11:42:53 | 000,831,248 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfk
[2012.07.22 11:42:42 | 106,391,384 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv.sfap0
[2012.07.22 04:32:32 | 404,640,769 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part2.wmv
[2012.07.22 03:33:31 | 000,461,928 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfk
[2012.07.22 03:33:15 | 059,118,488 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv.sfap0
[2012.07.22 02:54:34 | 323,631,397 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Part1.wmv
[2012.07.22 02:49:59 | 014,981,553 | ---- | C] () -- C:\Users\Timo\Documents\Ohne Titel.wmv
[2012.07.22 02:44:32 | 000,461,984 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Remake.mp4.sfk
[2012.07.22 02:11:12 | 315,984,214 | ---- | C] () -- C:\Users\Timo\Documents\London 12 Remake.mp4
[2012.07.22 00:25:19 | 316,037,570 | ---- | C] () -- C:\Users\Timo\Documents\London 12.mp4
[2012.07.21 22:33:19 | 064,184,079 | ---- | C] () -- C:\Users\Timo\Documents\Ohne Titel.mp4
[2012.07.08 15:39:19 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.07.08 15:39:19 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.07.06 16:16:38 | 084,492,779 | ---- | C] () -- C:\Users\Timo\Documents\Tiesto Bitches.mp4
[2012.06.30 20:58:05 | 000,001,262 | ---- | C] () -- C:\Users\Timo\Desktop\Free YouTube Download.lnk
[2012.06.30 13:58:13 | 106,041,645 | ---- | C] () -- C:\Users\Timo\Desktop\candles.rar
[2012.06.29 23:33:48 | 000,000,222 | ---- | C] () -- C:\Users\Timo\Desktop\Spec Ops The Line Demo.url
[2012.04.15 18:38:41 | 000,000,104 | ---- | C] () -- C:\Windows\MSUTIL.INI
[2012.03.13 13:18:38 | 000,000,262 | ---- | C] () -- C:\Windows\FESTO.INI
[2012.03.12 21:46:23 | 000,002,048 | -HS- | C] () -- C:\Users\Timo\AppData\Local\eb779564\@
[2012.01.11 20:08:52 | 000,050,176 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
[2011.12.22 01:03:58 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.22 01:03:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.15 23:25:51 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.03 13:58:16 | 000,005,067 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011.04.30 00:33:45 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.04.30 00:33:45 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.04.01 19:48:26 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.03.17 21:33:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.16 22:30:21 | 000,000,009 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\tabbles_hwnd_quick_link
[2011.03.16 22:30:21 | 000,000,008 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\tabbles_hwnd_main
[2011.01.24 20:38:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.01.19 09:35:18 | 000,001,872 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2011.01.17 20:03:55 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.21 19:51:50 | 000,000,327 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2010.12.12 19:25:14 | 000,009,728 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 01:35:36 | 027,556,501 | ---- | C] () -- C:\Program Files (x86)\550.PBP
[2010.11.07 00:45:08 | 000,000,092 | ---- | C] () -- C:\Users\Timo\AppData\Local\fusioncache.dat
[2010.11.07 00:44:13 | 001,823,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.26 17:36:26 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.10.25 17:28:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.10.25 17:27:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
[2010.10.25 17:27:26 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL
[2010.10.20 15:48:11 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.12 19:34:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,051,664 | RHS- | C] () -- C:\Users\Timo\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2012.06.18 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft
[2012.07.22 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\13001.028
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\13001.029
[2010.12.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ASCOMP Software
[2012.04.15 00:09:27 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Blender Foundation
[2011.02.11 21:23:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited
[2011.01.16 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\CheckPoint
[2011.03.07 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DarksporeData
[2012.06.30 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoft
[2012.06.30 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.30 15:32:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EAC
[2012.03.13 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FL_SIM_P4_MEC_LAB_D
[2010.10.13 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFLVConverter
[2012.04.06 15:15:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\GHISLER
[2011.02.27 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ
[2011.06.10 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ImgBurn
[2012.06.10 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\IrfanView
[2012.07.22 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\kock
[2010.10.29 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LEGO Company
[2011.04.15 19:27:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MAGIX
[2011.12.30 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MAXON
[2011.01.08 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MinecraftTools
[2012.02.24 01:51:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MotioninJoy
[2011.07.03 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MOVAVI
[2012.05.02 22:10:10 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Mp3tag
[2011.01.23 21:34:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MPEG Streamclip
[2011.10.06 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2011.01.24 16:56:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Opera
[2011.06.25 20:16:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PanoramaStudio2
[2010.10.23 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\POINTERGHOSTV1
[2011.01.21 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Publish Providers
[2012.07.12 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RCP 6
[2011.01.09 18:27:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Registry Mechanic
[2011.07.31 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Screaming Bee
[2010.10.27 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\smc
[2012.01.14 04:50:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sony
[2012.01.17 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sony Creative Software Inc
[2011.03.16 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Tabbles
[2011.01.20 21:19:19 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TeamViewer
[2011.07.23 00:12:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client
[2012.07.23 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\UAs
[2011.04.02 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft
[2011.01.15 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue
[2010.11.13 17:10:01 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Unity
[2012.07.23 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\xmldm
[2012.04.11 19:42:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.25 19:11:46 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:95A73EAF2F490019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



I hope someone can help me with this info. If you need anything else, please write it; I'm new here and don't know my way around :)
Thanks in advance

t'john 26.07.2012 22:45

:hallo:

Fix with OTL

Download OTL from Oldtimer (if you don't have it already) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:

:Processes
killallprocesses

:OTL
MOD - [2012.07.25 08:37:15 | 000,130,616 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\13001.029\components\AcroFF029.dll
MOD - [2012.07.24 18:49:05 | 000,006,400 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\BAcroIEHelpe174.dll
MOD - [2011.11.17 07:41:38 | 000,050,176 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat
SRV - [2012.04.21 22:04:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2010.12.25 13:37:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.12.17 13:51:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14947
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {75681723-E244-412E-A0B1-FEA11206B46C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AS-2&o=14944&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=RR&apn_dtid=YYYYYYYYDE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66022
IE - HKCU\..\SearchScopes\{4E94ADB6-83AA-4C4D-B44D-F6D09BB023A6}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{75681723-E244-412E-A0B1-FEA11206B46C}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{75DA268F-DB04-4473-88C0-4183516C6FCB}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A2F3E7AC-D763-4F27-BC02-B9E9B5BD3C8A}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = http://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
IE - HKCU\..\SearchScopes\{B1AB8012-A51A-484A-8B0E-C3ACAE4DDE94}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AS-2&o=14944&locale=de_DE&apn_uid=4F1CEC92-56BA-4C06-AC66-A5B3EDE5A111&apn_ptnrs=RR&apn_sauid=34F22B66-DBCB-4806-A6F6-32344D6E37B4&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Timo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "184.22.134.46"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Timo\AppData\Roaming\13001.029 [2012.07.25 08:37:15 | 000,000,000 | ---D | M]
[2011.01.14 22:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2012.07.12 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions
[2012.06.28 16:50:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.16 23:02:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.17 20:54:46 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\battlefieldplay4free@ea.com
[2011.01.24 20:34:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\engine@conduit.com
[2012.05.17 18:16:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\ich@maltegoetz.de
[2012.02.04 13:26:15 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\nkdr3w73.default\extensions\toolbar@ask.com
[2012.07.25 08:37:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TIMO\APPDATA\ROAMING\13001.029
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [trustGTX14] C:\Program Files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CE8SIIFGSU] C:\Users\Timo\AppData\Local\Temp\Cbe.exe File not found
O4 - HKCU..\Run: [renovator] C:\Users\Timo\AppData\Roaming\Sun\{D6D7B47B-F5BE-4EBF-9AF4-CC26815841E4}\renovator.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [System] C:\Users\Timo\AppData\Roaming\system.exe File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Timo\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\msconfig.dat) - C:\Users\Timo\AppData\Roaming\msconfig.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{2e695a8a-8c75-11e1-98ca-4061868e1e6a}\Shell\AutoRun\command - "" = J:\CMADownloader.exe
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{50fdfe9d-e830-11e0-8e44-4061868e1e6a}\Shell\AutoRun\command - "" = M:\MI.exe
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{5ac02ef3-5c53-11e0-a769-4061868e1e6a}\Shell\AutoRun\command - "" = N:\Autorun.exe
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{8e007d8e-489e-11e0-908a-4061868e1e6a}\Shell\AutoRun\command - "" = K:\OblivionLauncher.exe
[2012.07.25 08:37:15 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.029
[2012.07.23 13:23:27 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\UAs
[2012.07.22 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\13001.028
[2012.07.22 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\xmldm
[2012.07.22 21:04:02 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\kock
[2012.07.22 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Deshaker
 
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.07.25 14:38:00 | 000,000,034 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\blckdom.res

[2012.03.12 21:46:23 | 000,002,048 | -HS- | C] () -- C:\Users\Timo\AppData\Local\eb779564\@
[2012.01.11 20:08:52 | 000,050,176 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\msconfig.dat


[2008.12.09 17:23:13 | 000,051,664 | RHS- | C] () -- C:\Users\Timo\AppData\Roaming\appconf32.exe

[2011.01.15 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue
@Alternate Data Stream - 24 bytes -> C:\Windows:95A73EAF2F490019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

[2011.01.25 19:11:46 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards at => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!
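As an added worked example (not part of this thread, of OTL, or of the fix script above), the Python below triages OTL report lines of the kinds the helper chose to remove: Run entries that start binaries from the user profile or point at files that no longer exist, a Winlogon Shell that is not explorer.exe, Firefox proxy settings, named NTFS streams, and Hidden+System executables under AppData. The rule set and the finding tags are my own assumptions about what a log analyst checks first; the sample lines are copied from the log in this thread.

```python
"""Triage helper for OTL (OldTimer's List-It) report lines.

Worked example, not part of OTL or of this thread's fix script. The rules
below encode assumptions about which OTL entries an analyst looks at first.
"""
import re
from collections import Counter

# Line formats as they appear in the OTL report in this thread.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
SHELL_RE = re.compile(r'^O20 - (?P<hive>HK\w+) Winlogon: Shell - \((?P<value>[^)]*)\)')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<value>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.*)$')
FILE_RE = re.compile(r'^\[[\d. :]+ \| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.*)$')

# Locations an ordinary user can write to (assumed list); an autorun
# pointing into one of them deserves a closer look.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\')

# Sample input copied from the OTL log in this thread (raw string, so the
# Windows backslashes are kept exactly as OTL prints them).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [System] C:\Users\Timo\AppData\Roaming\system.exe File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Timo\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [Windows Time] rundll32.exe ",EntryPoint File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Timo\AppData\Roaming\msconfig.dat) - C:\Users\Timo\AppData\Roaming\msconfig.dat ()
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Timo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.http: "184.22.134.46"
FF - prefs.js..network.proxy.type: 0
@Alternate Data Stream - 24 bytes -> C:\Windows:95A73EAF2F490019
[2008.12.09 17:23:13 | 000,051,664 | RHS- | C] () -- C:\Users\Timo\AppData\Roaming\appconf32.exe
"""


def finding(tag, line, why):
    return {'tag': tag, 'line': line, 'why': why}


def triage_otl(log_text):
    """Return a list of findings (tag, line, reason) for suspicious OTL lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group('target')
            if target.endswith('File not found'):
                findings.append(finding('orphaned-autorun', line,
                                        'Run value points at a file that no longer exists'))
            elif any(loc in target.lower() for loc in USER_WRITABLE):
                findings.append(finding('autorun-in-profile', line,
                                        'Run value starts a binary from a user-writable location'))
            continue
        m = SHELL_RE.match(line)
        if m:
            if m.group('value').strip().lower() != 'explorer.exe':
                findings.append(finding('winlogon-shell-replaced', line,
                                        'Winlogon Shell is not explorer.exe; it runs in place of the desktop'))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            # proxy.type alone is not a finding; the proxy host or PAC file is.
            if m.group('key') in ('http', 'ssl', 'socks', 'autoconfig_url'):
                findings.append(finding('browser-proxy', line,
                                        'Firefox is set to route traffic through a proxy or PAC file'))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(finding('alternate-data-stream', line,
                                    'named NTFS stream attached to ' + m.group('target')))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path').lower()
            hidden_system = 'H' in attrs and 'S' in attrs
            if hidden_system and path.endswith('.exe') and any(loc in path for loc in USER_WRITABLE):
                findings.append(finding('hidden-system-exe', line,
                                        'executable with Hidden+System attributes inside the user profile'))
    return findings


def summarize(findings):
    """Count findings per tag, e.g. {'orphaned-autorun': 2, ...}."""
    return dict(Counter(f['tag'] for f in findings))


if __name__ == '__main__':
    for f in triage_otl(SAMPLE_LOG):
        print('%-24s %s' % (f['tag'], f['why']))
    print(summarize(triage_otl(SAMPLE_LOG)))
```

On the sample input the Ask updater entry under Program Files is deliberately not flagged, while the Winlogon Shell override and the Hidden+System executable under AppData\Roaming are; the `proxy.type: 0` line is parsed but produces no finding on its own, since an analyst would read it together with the proxy host and PAC entries.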

t'john 10.08.2012 19:27

No response

Are there any problems working through the instructions above?

To free up capacity for other people seeking help, I am deleting this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.

