Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   detect hat Xtreme Rat auf meinem Rechner gefunden (https://www.trojaner-board.de/161016-detect-hat-xtreme-rat-meinem-rechner-gefunden.html)

capcgn 21.11.2014 09:59
detect hat Xtreme Rat auf meinem Rechner gefunden
 
Ich habe gestern mit dem detect Programm eine Suche auf meinenm ansonsten völlig normal laufendem Rechner gemacht und habe eine Meldung bekommen, das mein Rechner mit Xtrem Rat befallen ist. Ich habe alle Virenscanner und Malewarebytes drüber laufen lassen, es kommt immer noch die Meldung. Nun habe ich wie in einem anderen tread beschrieben Farbar's Recovery Scan Tool drüber laufen lassen, vieleicht kann mir jemand helfen, den Virus loszuwerden, denn mit meinem Rechner muss ich arbeiten.
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Lange (administrator) on LANGE-PC on 21-11-2014 09:49:36
Running from C:\Users\Lange\Downloads
Loaded Profile: Lange (Available profiles: Lange & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ActFax Communication) C:\Program Files\ActiveFax\Server\ActSrvNT.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ActFax Communication) C:\Program Files\ActiveFax\Client\ActFaxClient.exe
(ActFax Communication) C:\Program Files\ActiveFax\Terminal\TSClientB.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Lange\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!\FriFon32.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Dropbox, Inc.) C:\Users\Lange\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ActiveFax Client] => C:\Program Files\ActiveFax\Client\ActFaxClient.exe [1063656 2012-07-12] (ActFax Communication)
HKLM\...\Run: [ActiveFax Terminal Server] => C:\Program Files\ActiveFax\Terminal\TSClientB.exe [560360 2012-07-12] (ActFax Communication)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-09-14] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-10-03] ()
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-20] (AVAST Software)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Run: [ActiveFax Client] => C:\Program Files\ActiveFax\Client\ActFaxClient.exe [1063656 2012-07-12] (ActFax Communication)
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Run: [HP Officejet Pro X576dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Run: [Spotify Web Helper] => C:\Users\Lange\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-03] (Spotify Ltd)
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Run: [HP Officejet Pro X576dw MFP (NET) #2] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\MountPoints2: {123c1c77-5806-11e3-af04-404e57434401} - H:\LG_PC_Programs.exe
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\MountPoints2: {bd0e8a46-ce7a-11e1-8e09-404e57434401} - I:\iStudio.exe
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\MountPoints2: {c5ea8e9c-cb82-11e1-94f6-806e6f6e6963} - E:\Run.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bigfoot Networks Killer Network Manager.lnk
ShortcutTarget: Bigfoot Networks Killer Network Manager.lnk -> C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fon.lnk
ShortcutTarget: FRITZ!fon.lnk -> C:\Program Files (x86)\FRITZ!\FriFon32.exe (AVM Berlin)
Startup: C:\Users\Lange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4188070395-693738936-3909245983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5B476C91955FCD01
HKU\S-1-5-21-4188070395-693738936-3909245983-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKU\S-1-5-21-4188070395-693738936-3909245983-1000 - (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4188070395-693738936-3909245983-1000 -> DefaultScope {87DB9809-87A0-4c05-AB06-580A519E1F04} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4188070395-693738936-3909245983-1000 -> {6D88C0D8-C493-417f-AC6B-AAF4E722D343} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-4188070395-693738936-3909245983-1000 -> {768B26CD-17E3-49af-9475-418372EF93D4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-4188070395-693738936-3909245983-1000 -> {87DB9809-87A0-4c05-AB06-580A519E1F04} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [178280] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [178280] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [178280] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [178280] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [178280] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [194152] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [194152] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [194152] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [194152] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 %SYSTEMROOT%\system32\BfLLR.dll [194152] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6BD2F3B6-C95C-402D-B7B3-2651643441AA}: [NameServer] 31.168.224.100,5.135.12.56

FireFox:
========
FF ProfilePath: C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default
FF Homepage: https://news.google.de/|https://autoact.mobile.de/autoact/vehicleManagement/;jsessionid=25CCF00911CDDF7F020A4F9CE44A7425.act46-1_c01_3602
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: LastPass - C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\Extensions\support@lastpass.com [2013-11-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-07-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-20]
FF Extension: No Name - {5D3F3872-91E9-4d59-AD9F-AA174A3145DD} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Lange\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-07-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActiveFaxServiceNT; C:\Program Files\ActiveFax\Server\ActSrvNT.exe [2014952 2012-07-12] (ActFax Communication)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-20] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-20] (Avast Software)
R2 Bigfoot Networks Killer Service; C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [466944 2011-06-26] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-11] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-11] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Users\Lange\AppData\Local\Temp\7zS7457\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2011-09-14] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-09-05] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-20] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-20] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-20] ()
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 BfEdge7x64; C:\Windows\System32\DRIVERS\Edge7x64.sys [31336 2011-06-26] (Bigfoot Networks, Inc.)
R3 BFN7x64; C:\Windows\System32\DRIVERS\Xeno7x64.sys [157288 2011-06-26] (Bigfoot Networks, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [70912 2011-10-04] (Fresco Logic)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-18] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-09-14] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-19] (Realtek Semiconductor Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-20] (Avast Software)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 09:49 - 2014-11-21 09:49 - 02117632 _____ (Farbar) C:\Users\Lange\Downloads\FRST64.exe
2014-11-21 09:49 - 2014-11-21 09:49 - 00030196 _____ () C:\Users\Lange\Downloads\FRST.txt
2014-11-21 09:49 - 2014-11-21 09:49 - 00000000 ____D () C:\FRST
2014-11-20 19:02 - 2014-11-20 19:02 - 00000000 ____D () C:\Windows\ERUNT
2014-11-20 19:01 - 2014-11-20 19:01 - 02140160 _____ () C:\Users\Lange\Downloads\AdwCleaner_4.101(1).exe
2014-11-20 19:01 - 2014-11-20 19:01 - 01707532 _____ (Thisisu) C:\Users\Lange\Downloads\JRT.exe
2014-11-20 18:12 - 2014-11-20 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-11-20 18:12 - 2014-11-20 18:12 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-11-20 17:50 - 2014-11-20 17:50 - 02953520 _____ (AVAST Software) C:\Users\Lange\Downloads\avast-browser-cleanup.exe
2014-11-20 17:49 - 2014-11-20 17:49 - 00000197 _____ () C:\Windows\system32\2014-11-20-16-49-00.082-AvastVBoxSVC.exe-4792.log
2014-11-20 17:44 - 2014-11-20 17:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3CCE1163.sys
2014-11-20 17:07 - 2014-11-20 17:45 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-20 17:05 - 2014-11-20 17:07 - 202853696 _____ () C:\Users\Lange\Downloads\kav15.0.1.415de_6845.exe
2014-11-20 16:57 - 2014-11-20 16:57 - 00000197 _____ () C:\Windows\system32\2014-11-20-15-57-40.021-AvastVBoxSVC.exe-4920.log
2014-11-20 16:44 - 2014-11-20 16:45 - 07403840 _____ () C:\Users\Lange\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-11-20 16:41 - 2014-11-20 16:54 - 00000000 ____D () C:\AdwCleaner
2014-11-20 16:41 - 2014-11-20 16:41 - 02140160 _____ () C:\Users\Lange\Downloads\adwcleaner_4.101.exe
2014-11-20 14:48 - 2014-11-20 14:48 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\LavasoftStatistics
2014-11-20 14:46 - 2014-11-20 14:46 - 01753736 _____ () C:\Users\Lange\Downloads\Adaware114_Installer.exe
2014-11-20 14:27 - 2014-11-20 14:27 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-20 14:27 - 2014-11-20 14:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-20 14:27 - 2014-11-20 14:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-20 14:27 - 2014-11-20 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-20 14:27 - 2014-11-20 14:27 - 00000000 ____D () C:\Program Files\Java
2014-11-20 14:08 - 2014-11-20 14:08 - 00000247 _____ () C:\Windows\system32\2014-11-20-13-08-11.014-aswFe.exe-9604.log
2014-11-20 14:05 - 2014-11-20 14:08 - 00000247 _____ () C:\Windows\system32\2014-11-20-13-05-22.020-aswFe.exe-11452.log
2014-11-20 14:05 - 2014-11-20 14:05 - 00000197 _____ () C:\Windows\system32\2014-11-20-13-05-19.024-AvastVBoxSVC.exe-10204.log
2014-11-20 14:03 - 2014-11-20 14:03 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\AVAST Software
2014-11-20 14:02 - 2014-11-20 14:02 - 00001979 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-20 14:02 - 2014-11-20 14:02 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-20 14:02 - 2014-11-20 14:02 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-20 14:02 - 2014-11-20 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-20 14:01 - 2014-11-20 14:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-20 14:01 - 2014-11-20 14:01 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-20 14:01 - 2014-11-20 14:01 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-20 14:01 - 2014-11-20 14:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-20 14:01 - 2014-11-20 14:01 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-20 13:58 - 2014-11-20 13:58 - 00001755 _____ () C:\Users\Lange\Downloads\License(1).avastlic
2014-11-20 13:57 - 2014-11-20 13:57 - 04978536 _____ (AVAST Software) C:\Users\Lange\Downloads\avast_internet_security_setup_online.exe
2014-11-20 13:57 - 2014-11-20 13:57 - 00001755 _____ () C:\Users\Lange\Downloads\License.avastlic
2014-11-20 11:38 - 2014-11-20 18:57 - 00051252 _____ () C:\Users\Lange\Downloads\detekt.log
2014-11-20 11:37 - 2014-11-20 11:38 - 27810288 _____ () C:\Users\Lange\Downloads\detekt.exe
2014-11-20 11:16 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-20 11:15 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-20 11:15 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-20 11:15 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-20 10:46 - 2014-11-20 10:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-11-20 10:37 - 2014-11-20 11:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-20 10:37 - 2014-11-20 10:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-20 10:37 - 2014-11-20 10:37 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-20 10:37 - 2014-11-20 10:37 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-20 10:37 - 2014-11-20 10:37 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-20 10:37 - 2014-11-20 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-20 10:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-20 10:36 - 2014-11-20 10:36 - 01125200 _____ () C:\Users\Lange\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2014-11-20 10:10 - 2014-11-21 09:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 10:09 - 2014-11-20 10:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lange\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 10:09 - 2014-11-20 10:09 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 10:09 - 2014-11-20 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 10:09 - 2014-11-20 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 10:09 - 2014-11-20 10:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-20 10:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-20 10:09 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 10:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 14:33 - 2014-11-19 14:33 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(16).jnlp
2014-11-19 09:31 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:31 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:31 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:31 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:48 - 2014-11-18 18:54 - 00000000 ____D () C:\Users\Lange\AppData\Local\paint.net
2014-11-18 18:48 - 2014-11-18 18:48 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-11-18 18:48 - 2014-11-18 18:48 - 00001297 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-11-18 18:48 - 2014-11-18 18:48 - 00000000 ____D () C:\Program Files\paint.net
2014-11-18 18:40 - 2014-11-18 18:42 - 06272852 _____ () C:\Users\Lange\Downloads\paint.net.4.0.3.install.zip
2014-11-18 18:40 - 2014-11-18 18:40 - 01125200 _____ () C:\Users\Lange\Downloads\Paint NET - CHIP-Installer.exe
2014-11-18 18:25 - 2014-11-18 18:25 - 17385800 _____ (Google Inc.) C:\Users\Lange\Downloads\picasa39-setup.exe
2014-11-18 18:10 - 2014-11-18 18:10 - 01125200 _____ () C:\Users\Lange\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-11-18 17:53 - 2014-11-18 17:53 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-18 17:51 - 2014-11-18 17:51 - 00001522 _____ () C:\Windows\system32\.crusader
2014-11-18 17:46 - 2014-11-18 17:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-18 17:46 - 2014-11-18 17:47 - 13767767 _____ () C:\Users\Lange\Downloads\hitmanpro379.zip
2014-11-18 17:45 - 2014-11-18 17:45 - 01125200 _____ () C:\Users\Lange\Downloads\Hitman Pro - CHIP-Installer.exe
2014-11-18 17:31 - 2014-11-18 17:31 - 00000896 _____ () C:\Users\Lange\AppData\Local\recently-used.xbel
2014-11-18 17:31 - 2014-11-18 17:31 - 00000000 ____D () C:\Users\Lange\.thumbnails
2014-11-18 17:29 - 2014-11-18 17:31 - 00000000 ____D () C:\Users\Lange\AppData\Local\gtk-2.0
2014-11-18 17:26 - 2014-11-18 17:32 - 00000000 ____D () C:\Users\Lange\.gimp-2.8
2014-11-18 17:26 - 2014-11-18 17:26 - 00000000 ____D () C:\Users\Lange\AppData\Local\gegl-0.2
2014-11-18 17:24 - 2014-11-18 17:25 - 91670064 _____ (The GIMP Team ) C:\Users\Lange\Downloads\gimp-2.8.14-setup.exe
2014-11-17 18:36 - 2014-11-17 18:36 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(15).jnlp
2014-11-16 16:05 - 2014-11-16 16:05 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(14).jnlp
2014-11-15 14:53 - 2014-11-15 14:53 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(13).jnlp
2014-11-14 11:06 - 2014-11-14 11:06 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(12).jnlp
2014-11-13 18:54 - 2014-11-13 18:54 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(11).jnlp
2014-11-12 17:49 - 2014-11-12 17:49 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(10).jnlp
2014-11-12 16:49 - 2014-11-12 16:49 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(9).jnlp
2014-11-12 14:36 - 2014-11-12 14:36 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(8).jnlp
2014-11-12 11:53 - 2014-11-12 11:53 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(7).jnlp
2014-11-12 10:02 - 2014-11-12 10:02 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(6).jnlp
2014-11-12 09:29 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:29 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:29 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:29 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:29 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:29 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:29 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:29 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:29 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:29 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:29 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:29 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:29 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:29 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:29 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:29 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:29 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:29 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:29 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:29 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:29 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:29 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:29 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:29 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:29 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:29 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:29 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:29 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:29 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:29 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:29 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:29 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:29 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:29 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:29 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:29 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:29 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:29 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:29 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:29 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:29 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:29 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:29 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:29 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:29 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:29 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:29 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:28 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:28 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:28 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:28 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:28 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:28 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:28 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:28 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:28 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:28 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:28 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:28 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:28 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:28 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:28 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:28 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:28 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:28 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:28 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:28 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:28 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:28 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:28 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:28 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:28 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:28 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:28 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:28 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:28 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:28 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:28 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:28 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:28 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:28 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:28 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:28 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:28 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:28 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:28 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:28 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:28 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:28 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:28 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:28 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 18:47 - 2014-11-11 18:47 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(5).jnlp
2014-11-11 09:09 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 09:09 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 09:00 - 2014-11-11 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 12:32 - 2014-11-10 12:32 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(4).jnlp
2014-11-10 09:27 - 2014-11-10 09:27 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp(3).jnlp
2014-11-08 15:48 - 2014-11-08 15:48 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(2).jnlp
2014-11-08 14:31 - 2014-11-08 14:31 - 00001438 _____ () C:\Users\Lange\Downloads\batchStartApp(1).jnlp
2014-11-08 11:48 - 2014-11-08 11:48 - 00001440 _____ () C:\Users\Lange\Downloads\batchStartApp.jnlp
2014-11-05 09:16 - 2014-10-30 05:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-05 09:16 - 2014-10-30 05:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-10-30 17:51 - 2014-10-30 17:51 - 00009118 _____ () C:\Users\Lange\Documents\Kosten 300 SE Coupe.xlsx
2014-10-26 11:28 - 2014-10-28 09:02 - 00000000 ____D () C:\Meine Webseiten
2014-10-26 11:27 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-26 11:27 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-24 07:35 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-24 07:35 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 09:49 - 2012-07-11 22:24 - 00000000 ____D () C:\Users\Lange\Documents\Outlook-Dateien
2014-11-21 09:35 - 2009-07-14 18:58 - 00704018 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 09:35 - 2009-07-14 18:58 - 00151156 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 09:35 - 2009-07-14 06:13 - 01632866 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 09:35 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:35 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:34 - 2013-11-28 09:49 - 00000000 ___RD () C:\Users\Lange\Dropbox
2014-11-21 09:34 - 2013-11-28 09:47 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\Dropbox
2014-11-21 09:34 - 2012-07-11 19:24 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-11-21 09:34 - 2012-07-11 19:13 - 01982060 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 09:33 - 2012-07-12 18:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 09:33 - 2012-07-11 19:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 09:33 - 2012-07-11 19:28 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-21 09:28 - 2012-07-26 08:02 - 00123451 _____ () C:\Windows\setupact.log
2014-11-21 09:28 - 2012-07-11 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-21 09:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 17:46 - 2012-07-11 19:50 - 00448498 _____ () C:\Windows\PFRO.log
2014-11-20 17:07 - 2013-10-03 11:42 - 00000000 ____D () C:\Users\Gast
2014-11-20 16:55 - 2013-11-22 16:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-20 16:54 - 2012-07-13 07:00 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\MyPhoneExplorer
2014-11-20 16:46 - 2012-12-09 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-11-20 16:46 - 2012-07-13 07:00 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-11-20 16:35 - 2013-12-08 15:32 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LG PC Suite.Lnk
2014-11-20 16:35 - 2013-12-08 15:24 - 00001115 _____ () C:\Users\Public\Desktop\LG PC Suite.Lnk
2014-11-20 16:35 - 2013-12-08 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2014-11-20 14:28 - 2012-07-13 07:26 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-20 14:28 - 2012-07-13 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-20 14:28 - 2012-07-13 07:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-20 13:59 - 2012-07-23 07:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-20 11:16 - 2014-01-28 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-20 11:16 - 2012-07-11 19:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-19 16:32 - 2012-07-11 19:13 - 00000000 ____D () C:\Users\Lange
2014-11-19 14:33 - 2014-10-13 08:01 - 00000000 ____D () C:\_list
2014-11-19 14:33 - 2012-07-15 16:02 - 00028782 _____ () C:\Users\Lange\ewa_client_0.log
2014-11-19 14:33 - 2012-07-15 16:02 - 00000122 _____ () C:\Users\Lange\.ewanapi_cookie
2014-11-18 18:47 - 2012-07-11 19:32 - 01606210 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-18 18:39 - 2012-07-12 18:41 - 00000000 ____D () C:\Users\Lange\AppData\Local\Google
2014-11-18 18:39 - 2012-07-12 18:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 17:55 - 2014-02-16 15:32 - 00000000 ____D () C:\Program Files (x86)\Convar
2014-11-18 17:51 - 2012-07-13 06:53 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\BitTorrent
2014-11-18 17:18 - 2014-08-26 10:40 - 00000000 ____D () C:\Users\Lange\AppData\Local\Adobe
2014-11-18 17:18 - 2012-07-11 19:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-18 17:18 - 2012-07-11 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 17:18 - 2012-07-11 19:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-18 16:52 - 2012-07-12 07:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-18 16:51 - 2014-08-27 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-18 16:51 - 2012-07-12 07:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-16 16:27 - 2012-07-12 10:51 - 00000000 ____D () C:\Temp
2014-11-15 09:40 - 2013-11-28 09:49 - 00001027 _____ () C:\Users\Lange\Desktop\Dropbox.lnk
2014-11-15 09:40 - 2013-11-28 09:47 - 00000000 ____D () C:\Users\Lange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 18:57 - 2012-07-12 18:41 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 18:57 - 2012-07-12 18:41 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 18:57 - 2012-07-12 18:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 11:28 - 2013-11-14 14:19 - 00000000 ____D () C:\Users\Lange\Desktop\HP SCAN
2014-11-13 10:36 - 2012-07-10 17:31 - 00000000 ____D () C:\Users\Lange\Documents\Buchhaltung Helga
2014-11-13 01:20 - 2014-01-28 13:11 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-13 01:20 - 2013-02-25 23:32 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2013-02-25 23:32 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-13 01:20 - 2013-02-25 23:32 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2013-02-25 23:32 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-13 01:20 - 2012-07-11 19:37 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-12 22:56 - 2012-07-11 19:38 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2012-07-11 19:38 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2012-07-11 19:38 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2012-07-11 19:38 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2012-07-11 19:38 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2012-07-11 19:38 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-12 15:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 12:33 - 2012-07-11 21:33 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 09:51 - 2012-07-11 19:30 - 00109280 _____ () C:\Users\Lange\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 09:49 - 2009-07-14 05:45 - 00419824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 09:48 - 2014-05-06 18:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:47 - 2012-07-11 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 09:44 - 2013-08-14 07:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:41 - 2012-07-11 20:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 14:39 - 2012-07-10 17:38 - 00000000 ____D () C:\Users\Lange\Documents\Kopfbögen
2014-11-11 12:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 12:12 - 2012-07-11 20:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 11:29 - 2012-07-11 19:38 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-05 10:52 - 2012-07-10 17:21 - 00000000 ____D () C:\Users\Lange\Car
2014-11-04 14:30 - 2012-07-11 20:10 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 09:34 - 2013-11-14 18:56 - 00000000 ____D () C:\Users\Lange\Desktop\Desktop Documente
2014-10-26 10:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Lange\AppData\Local\Temp\bitool.dll
C:\Users\Lange\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiyfrbx.dll
C:\Users\Lange\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lange\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Lange\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 12:10

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Lange at 2014-11-21 09:50:00
Running from C:\Users\Lange\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
3DPower B11.1027.1 (HKLM-x32\...\{53B0AB03-FC82-46C8-885B-F0A529FAFFAC}) (Version: 1.00.0001 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
ActiveFax (HKLM\...\ActiveFax) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Bigfoot Networks Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version:  - )
Bigfoot Networks Killer Network Manager (Version: 6.1.0.179 - Bigfoot Networks) Hidden
BitTorrent (HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.02 - Creative Technology Limited)
Dropbox (HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Easy Tune 6 B11.1027.3 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1027.3 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{CED739E0-FCE3-46A9-9F0E-C641D8A842C0}) (Version: 3.5.2.0 - Fresco Logic Inc.)
FUJIFILM MyFinePix Studio 4.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM\...\{9B832FB8-03F6-4FFB-AA7F-67A733F6BBD7}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.380.1010 (HKLM\...\{AA88BC5C-5507-44B3-80B2-E263A274C1C1}) (Version: 3.5.380.1010 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
gotomaxx PDFMAILER (HKLM-x32\...\{01310914-E3B8-40E8-BCF7-9C42E0639A43}) (Version: 5.1.82 - gotomaxx GmbH)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Grewe Scanner-Interface Pro 3.0 (HKLM-x32\...\Grewe Scanner-Interface Pro_is1) (Version: 3.0 - Grewe Computertechnik GmbH)
HP Officejet Pro X576dw MFP - Grundlegende Software für das Gerät (HKLM\...\{43716874-F715-41BB-B183-DC7EEE6843AB}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
HP Officejet Pro X576dw MFP Hilfe (HKLM-x32\...\{82BCDF9D-88ED-4A47-AE59-CE320ED235E3}) (Version: 29.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1134 - Intel Corporation)
Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.1112 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.20.20141013 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1010 - Marvell)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.6.2.4902 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.2.4902 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero Burning ROM 11 (HKLM-x32\...\{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}) (Version: 11.2.00400 - Nero AG)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B11.0905.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)
RAW FILE CONVERTER EX powered by SILKYPIX (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Smart 6 B11.1026.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sound Blaster X-Fi (HKLM-x32\...\{5B905D07-5B4E-4332-B735-6FDC5BFD60A4}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-4188070395-693738936-3909245983-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4188070395-693738936-3909245983-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lange\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-11-2014 16:51:17 Prüfpunkt von HitmanPro
18-11-2014 17:48:18 paint.net v4.0.3
19-11-2014 15:22:08 Windows Update
20-11-2014 09:45:51 Windows Update
20-11-2014 12:59:44 avast! antivirus system restore point
20-11-2014 13:01:59 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
20-11-2014 13:08:46 Removed AVG 2015
20-11-2014 13:09:41 Removed AVG 2015
20-11-2014 13:46:20 AA11
20-11-2014 15:28:21 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13BC62DE-ABA3-4D85-9778-E1D77C6564C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {614A147C-A9B9-4F23-8898-35390059B940} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {6AC93E36-6941-4594-8745-B00F7C4E8B65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-18] (Adobe Systems Incorporated)
Task: {8D96C08C-24EC-4CE1-8DEA-AD5926450957} - System32\Tasks\FaxApplications.exe_{EBC3C6BE-A586-4C88-A2B0-0CEECA270F4B} => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\FaxApplications.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {9387BEEF-C370-410D-B93B-03A84CDFBC79} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-09] ()
Task: {9FDFA2BC-0FE3-47A4-9533-8FB531C09DCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AD610D34-BE05-45A9-97DC-A1AC36D441DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC05A639-D90A-4BED-BE6E-B062CAC39903} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BF9C65BF-7F63-4AAF-ABF9-D9CFB25AF500} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-20] (AVAST Software)
Task: {C3B77CDF-5D12-4AB1-9342-155043C628B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D6C24CAA-0C74-4579-88BC-E430DBD64F64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D8207A8B-BD5E-4BFC-8AE5-83E303A9D15A} - System32\Tasks\FaxApplications.exe_{EEBD0817-A0C9-49D6-8FD8-DB4BBA7A45E1} => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\FaxApplications.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {E11FDB14-18E1-46CD-8567-61CFD6EAD57C} - \CloudScout No Task File <==== ATTENTION
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-11 19:38 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-12 09:49 - 2006-02-23 10:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2012-07-12 09:49 - 2006-02-22 09:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2012-07-24 16:01 - 2010-10-28 20:22 - 00014848 _____ () C:\Windows\System32\gengpmon.dll
2012-07-13 07:18 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00466944 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
2011-05-09 18:46 - 2011-05-09 18:46 - 02760192 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtCore4.dll
2011-05-09 18:56 - 2011-05-09 18:56 - 09856000 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtGui4.dll
2011-05-09 18:47 - 2011-05-09 18:47 - 00416256 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtXml4.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00200192 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\BFCommon.dll
2011-05-10 10:32 - 2011-05-10 10:32 - 00731648 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\qwt5.dll
2011-05-09 18:48 - 2011-05-09 18:48 - 00990720 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\QtNetwork4.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00567808 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
2011-06-26 06:34 - 2011-06-26 06:34 - 00403968 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modApplications.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00036864 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFeatures.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00025088 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modFraps.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00245248 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modGraph.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00062464 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modlcd.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00276992 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNetwork.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00184832 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modNpu.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00215040 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOptions.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00055808 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modOverview.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00048640 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modPing.dll
2011-06-26 06:34 - 2011-06-26 06:34 - 00333824 _____ () C:\Program Files\Bigfoot Networks\Killer Network Manager\plugins\modSystemInfo.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-10-07 08:23 - 2014-09-12 19:15 - 00011536 _____ () C:\Program Files (x86)\TeamViewer\Version9\outlook\ManagedAggregator.dll
2013-02-15 03:36 - 2013-02-15 03:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-11-20 14:01 - 2014-11-20 14:01 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112000\algo.dll
2014-11-21 09:28 - 2014-11-21 09:28 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112001\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-20 10:37 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-20 10:37 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-20 10:37 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-20 10:37 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-20 10:37 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-15 02:39 - 2014-10-15 02:39 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\521f51b04686186c4dcc381316d0c091\PSIClient.ni.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-11 19:23 - 2009-12-29 15:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-07-11 19:23 - 2010-10-04 16:39 - 00183808 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-11-21 09:34 - 2014-11-21 09:34 - 00043008 _____ () c:\users\lange\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiyfrbx.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Lange\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-20 14:01 - 2014-11-20 14:01 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-11 09:00 - 2014-11-11 09:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-10 11:19 - 2013-11-09 03:37 - 01020928 _____ () C:\Users\Lange\AppData\Roaming\Mozilla\Firefox\Profiles\sumw01jo.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lange\Documents\Bild in Unterschrift.gif:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\Bild in Unterschrift.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\Geburtstagscard.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\Geburtstagscard.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\logo.bmp:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\logo.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\logo.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\logo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\logo.klein.1.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\logo.klein.1.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\logo.klein.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\logo.klein.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\logogrossjpeg.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\logogrossjpeg.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Lange\Documents\Unterschriftpic.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Lange\Documents\Unterschriftpic.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4188070395-693738936-3909245983-500 - Administrator - Disabled)
Gast (S-1-5-21-4188070395-693738936-3909245983-501 - Limited - Disabled) => C:\Users\Gast
Lange (S-1-5-21-4188070395-693738936-3909245983-1000 - Administrator - Enabled) => C:\Users\Lange

==================== Faulty Device Manager Devices =============

Name: HP Officejet Pro X576dw MFP
Description: HP Officejet Pro X576dw MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 09:34:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/20/2014 07:08:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/21/2014 09:34:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (11/20/2014 07:08:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16303.27 MB
Available physical RAM: 12767.43 MB
Total Pagefile: 32604.72 MB
Available Pagefile: 28691.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (WINDOWS 7) (Fixed) (Total:238.37 GB) (Free:20.2 GB) NTFS
Drive f: (Load) (Fixed) (Total:465.76 GB) (Free:205.24 GB) NTFS
Drive g: (Sicherung) (Fixed) (Total:931.51 GB) (Free:931.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: AC12337A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 09EBCC84)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6910534C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Vielen Dank im Voraus. Andreas

cosinus 21.11.2014 10:16
Hi,

Logs von Malwarebytes und Detekt bitte nachreichen

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

capcgn 21.11.2014 10:23
Hier der log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.11.2014
Scan Time: 14:43:59
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.20.04
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lange

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413843
Time Elapsed: 4 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
detect gibt leider keinen log raus.

cosinus 21.11.2014 10:23
Zitat:
detect gibt leider keinen log raus.
Schau auf den Desktop. Wenn dort kein Log von Detekt ist, dann schau ins Verzeichnis, in dem auch die detekt.exe liegt

Hatte MBAM wirklich nichts gefunden? Falls doch, bitte alle Logs mit Funden posten.

capcgn 21.11.2014 10:31
nun habe ich den detect log gefunden:
Code:
2014-11-20 11:38:36,125 - detector - INFO - Starting with process ID 9696
2014-11-20 11:38:36,125 - detector - ERROR - The user is not an Administrator, aborting
2014-11-20 11:40:07,681 - detector - INFO - Starting with process ID 9060
2014-11-20 11:40:07,681 - detector - ERROR - The user is not an Administrator, aborting
2014-11-20 11:42:20,371 - detector - INFO - Starting with process ID 1488
2014-11-20 11:42:20,371 - detector - INFO - Selected Profile Name: Win7SP1x64
2014-11-20 11:42:20,371 - detector - INFO - Selected Driver: C:\Users\Lange\AppData\Local\Temp\_MEI95202\drivers\winpmem64.sys
2014-11-20 11:42:20,371 - detector.service - INFO - Launching service destroyer...
2014-11-20 11:42:20,371 - detector.service - DEBUG - Unable to OpenService: (1060, 'OpenService', 'Der angegebene Dienst ist kein installierter Dienst.')
2014-11-20 11:42:20,387 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 11:42:20,387 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 11:42:20,387 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'Das Handle ist ung\xfcltig.')
2014-11-20 11:42:20,496 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 11:42:20,558 - detector - INFO - Service started
2014-11-20 11:42:20,558 - detector - INFO - Selected Yara signature file at C:\Users\Lange\AppData\Local\Temp\_MEI95202\rules\signatures.yar
2014-11-20 11:42:20,558 - detector - INFO - Obtaining address space and generating config for volatility
2014-11-20 11:42:21,917 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0A390670>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x08682D70>
2014-11-20 11:42:21,917 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win7.Win7SP1x64 object at 0x0963F130>, DTB: 0x1a7000
2014-11-20 11:42:21,917 - detector - INFO - Starting yara scanner...
2014-11-20 12:01:32,157 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x1A3A2E48, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 4b 00 65 00 X.t.r.e.m.e.K.e.
79 00 6c 00 6f 00 67 00 67 00 65 00 72 00 00 00 y.l.o.g.g.e.r...
ca a8 86 4e 10 00 00 88 63 b3 5e 5c 27 d2 30 0f ...N....c.^\'.0.
27 d2 30 0f 27 d2 30 0f 00 00 00 00 07 00 00 00 '.0.'.0.........
00 00 00 00 00 00 00 00 d5 a8 86 4e 00 00 00 88 ...........N....
65 00 78 00 65 00 00 17 73 00 76 00 63 00 68 00 e.x.e...s.v.c.h.
6f 00 73 00 74 00 2e 00 65 00 78 00 65 00 00 00 o.s.t...e.x.e...
d0 a8 86 4e 00 00 00 88 48 b6 9f 1a 00 00 00 00 ...N....H.......
0a 00 00 00 10 00 00 00 20 00 00 00 27 00 00 00 ............'...
58 10 00 00 00 00 00 00 db a8 86 4e 00 00 00 88 X..........N....
50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 PADDINGXXPADDING
00 00 00 00 07 00 00 00 00 00 30 00 00 00 00 00 ..........0.....
e6 a8 86 4e 00 b2 00 88 38 b4 9f 1a 47 00 53 00 ...N....8...G.S.
56 00 52 00 33 00 32 00 20 00 00 00 27 00 00 00 V.R.3.2.....'...
00 00 00 00 00 00 00 00 e1 a8 86 4e 00 00 00 88 ...........N....
37 30 63 34 33 38 61 62 00 00 00 00 55 8b ec 51 70c438ab....U..Q

2014-11-20 12:01:33,622 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x1AF6C808, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 8d 4e 00 00 00 80 f4 1c 00 00 00 00 4f 00 T..N..........O.
0a dd 71 4e 00 00 00 88 68 02 fb 1a 00 00 00 00 ..qN....h.......
07 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
1e 6e 8d 4e 00 00 00 00 05 dd 71 4e 00 d2 00 88 .n.N......qN....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 00 00 00 00 10 00 00 00 00 00 00 00 CO..............
00 dd 71 4e 00 00 00 88 70 03 fb 1a 00 d2 fa 1a ..qN....p.......
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
0f 00 00 00 00 00 00 00 1b dd 71 4e 00 00 00 88 ..........qN....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CO..............
16 dd 71 4e 00 00 00 88 c8 03 fb 1a 00 00 00 00 ..qN............
0c 6e 8d 4e 00 00 00 80 20 00 00 00 27 00 00 00 .n.N........'...
00 00 00 00 00 00 00 00 11 dd 71 4e 00 00 00 88 ..........qN....
d5 32 96 79 ac 17 3e b3 a4 ab 62 50 a3 c3 e0 3d .2.y..>...bP...=

2014-11-20 12:01:33,622 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x1B090EB0, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 76 00 23 00 2e 00 23 00 20 00 2a 00 20 00 T.v.#...#...*...
49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 61 00 I.n.s.t.a.l.l.a.
74 00 69 00 6f 00 6e 00 2a 00 00 00 00 00 00 00 t.i.o.n.*.......
89 52 5a 4e 00 00 00 88 58 21 00 00 00 00 97 03 .RZN....X!......
58 21 97 03 57 0d 00 00 00 47 6f 6c 64 20 41 6e X!..W....Gold.An
74 69 76 69 72 75 73 00 47 6f 6c 64 20 41 6e 74 tivirus.Gold.Ant
69 76 69 72 75 73 2e 65 78 65 00 6d 73 63 6f 72 ivirus.exe.mscor
6c 69 62 00 72 75 73 00 b0 52 5a 4e 00 00 00 88 lib.rus..RZN....
e8 5b 28 1a 00 00 00 00 00 00 00 00 00 00 00 00 .[(.............
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
50 11 28 1a 00 00 00 00 00 00 00 00 00 00 00 00 P.(.............
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
a7 52 5a 4e 00 00 00 88 90 53 27 1a 00 00 00 00 .RZN.....S'.....
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 f8 f7 28 1a 00 00 00 00 ..........(.....

2014-11-20 12:01:36,401 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x19932E04, Value:

58 74 72 65 6d 65 52 41 54 76 32 2e 39 5c 48 75 XtremeRATv2.9\Hu
6c 6b 6d 6f 64 49 6e 73 74 61 6c 6c 65 72 2e 65 lkmodInstaller.e
78 65 23 23 24 24 23 23 00 6f 66 74 00 3f 70 ef xe##$$##.oft.?p.
b9 68 0d f8 00 00 63 b5 b4 87 1a 95 7f 28 50 c7 .h....c......(P.
43 47 df 3a 20 12 2a fd d7 6d 6b 6d 7b 79 0a 74 CG.:..*..mkm{y.t
8d 80 4c b4 f7 25 af d4 d4 cf 49 5e 98 d2 0c ea ..L..%....I^....
37 bb 03 2b a6 2a fa ce d6 38 9d da 7d b1 d1 e5 7..+.*...8..}...
40 c7 b8 3c 10 75 2d ae 4e 7b 9f f8 4e 33 b5 6e @..<.u-.N{..N3.n
75 6f 8b 1c 11 ec 9c 77 67 1d 9c 91 04 11 e5 f9 uo.....wg.......
01 6e 5a 00 00 2e 46 03 00 f4 f0 a2 63 2a 48 cf .nZ...F.....c*H.
01 54 91 d5 74 2a 48 cf 01 d5 ab db 74 6d fb fa .T..t*H.....tm..
03 b3 88 ff 2b 9f f5 78 8e 35 de ea 0c 78 d2 f9 ....+..x.5...x..
b2 28 9e 55 3f 6a 9f f5 ab a0 24 97 31 b8 23 b1 .(.U?j....$.1.#.
7e 98 5c 08 09 85 f8 d7 b6 84 3c 2e 6f d7 a8 cc ~.\.......<.o...
7d 87 6b a5 b5 2e 24 01 d7 75 2c 70 bb 1d 32 e1 }.k...$..u,p..2.
39 f0 66 47 14 89 ad d9 8f b3 63 4d 00 00 68 00 9.fG......cM..h.

2014-11-20 12:01:36,401 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x19E8B98A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 47 35 2e 23 23 40 29 16 60 58 58 58 58 T..G5.##@).`XXXX
e0 61 61 61 9a c6 f7 ff ff ff ff ff ff ff 00 8c .aaa............
76 c5 9c a4 87 53 3e f9 15 31 a4 e9 ea 38 83 92 v....S>..1...8..
26 35 6d 8b ed f7 13 c9 ae f0 53 3c b9 09 3f 3f &5m.......S<..??
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f ????????????????
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 38 00 00 00 ????????????8...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 a6 fa ................
fc 4e 00 00 00 88 47 77 00 58 00 58 5a 00 32 7a .N....Gw.X.XZ.2z
00 00 35 00 56 59 52 49 35 45 37 44 77 59 31 4a ..5.VYRI5E7DwY1J
00 00 3e 00 41 00 40 00 ef 00 4c 0e 00 00 00 53 ..>.A.@...L....S
65 72 76 65 72 2e 70 61 63 6b 65 64 2e 70 61 63 erver.packed.pac
6b 65 64 2e 65 78 65 00 53 65 72 76 65 72 2e 70 ked.exe.Server.p
61 63 6b 65 64 2e 00 00 00 00 00 00 00 00 00 00 acked...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

2014-11-20 12:01:52,088 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x1CC66280, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 T...e.x.e.......
8b 94 b7 4e 00 00 00 88 53 00 6d 00 61 00 72 00 ...N....S.m.a.r.
74 00 54 00 69 00 70 00 3f 00 2e 00 65 00 78 00 t.T.i.p.?...e.x.
65 00 00 00 00 00 00 00 86 94 b7 4e 00 00 00 88 e..........N....
18 bc 83 6a 44 59 81 6a fc b1 82 6a 8d 69 82 6a ...jDY.j...j.i.j
6e 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n...............
81 94 b7 4e 00 00 00 88 2a 00 6d 00 77 00 69 00 ...N....*.m.w.i.
6e 00 73 00 65 00 61 00 72 00 63 00 68 00 2a 00 n.s.e.a.r.c.h.*.
00 00 00 00 00 00 00 00 bc 94 b7 4e 00 00 00 88 ...........N....
73 00 65 00 61 00 72 00 63 00 68 00 5f 00 3f 00 s.e.a.r.c.h._.?.
3f 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 ?...e.x.e.......
b7 94 b7 4e 00 00 00 88 57 00 54 00 6f 00 6f 00 ...N....W.T.o.o.
6c 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 00 00 l...D.L.L.......
00 00 00 00 00 00 00 00 b2 94 b7 4e 00 00 00 88 ...........N....
57 00 54 00 6f 00 6f 00 6c 00 5f 00 44 00 41 00 W.T.o.o.l._.D.A.

2014-11-20 12:01:52,088 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x1CEB1078, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2a 00 2e 00 65 00 78 00 65 00 00 00 00 00 T.*...e.x.e.....
44 ef a2 4e 00 00 00 88 72 00 65 00 64 00 70 00 D..N....r.e.d.p.
6f 00 77 00 65 00 72 00 00 00 00 00 00 00 00 00 o.w.e.r.........
00 00 00 00 00 00 00 00 4f ef a2 4e 00 00 00 88 ........O..N....
4b 00 65 00 79 00 4c 00 6f 00 67 00 67 00 65 00 K.e.y.L.o.g.g.e.
72 00 20 00 3f 00 3f 00 2e 00 00 00 00 00 00 00 r...?.?.........
4a ef a2 4e 00 00 00 88 41 6c 70 68 61 30 2e 70 J..N....Alpha0.p
67 6d 2c 41 6c 70 68 61 31 2e 70 67 6d 00 00 00 gm,Alpha1.pgm...
00 00 00 00 00 00 00 00 75 ef a2 4e 00 00 00 88 ........u..N....
8d 35 3f 3f 3f 3f 40 00 6a 3f 3f 59 f3 3f 3f ff .5????@.j??Y.??.
57 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 W...............
70 ef a2 4e 00 00 00 88 66 63 33 44 53 65 78 56 p..N....fc3DSexV
69 6c 6c 61 2e 64 6c 6c 00 00 00 00 00 00 00 00 illa.dll........
00 00 00 00 00 00 00 00 7b ef a2 4e 00 00 00 88 ........{..N....
46 00 72 00 65 00 65 00 43 00 6f 00 64 00 65 00 F.r.e.e.C.o.d.e.

2014-11-20 12:02:35,387 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x2504FFDA, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 00 00 00 4d 5a 00 00 00 01 00 00 a0 28 T.....MZ.......(
4d 73 00 39 00 88 54 00 72 00 6f 00 6a 00 61 00 Ms.9..T.r.o.j.a.
6e 00 2e 00 44 00 72 00 6f 00 70 00 70 00 65 00 n...D.r.o.p.p.e.
72 00 2e 00 58 00 4d 00 4c 00 00 00 00 00 1e 39 r...X.M.L......9
00 00 00 01 00 00 59 17 4d 73 00 ae 00 88 54 00 ......Y.Ms....T.
72 00 6f 00 6a 00 61 00 6e 00 2e 00 44 00 72 00 r.o.j.a.n...D.r.
6f 00 70 00 70 00 65 00 72 00 2e 00 58 00 4d 00 o.p.p.e.r...X.M.
4c 00 00 00 00 00 80 51 0b 00 00 10 00 00 52 17 L......Q......R.
4d 73 00 39 00 80 fe 1c 83 05 69 00 ce 05 14 00 Ms.9......i.....
01 07 02 00 11 00 00 38 37 2c 36 35 2c 32 33 2e .......87,65,23.
65 78 65 00 38 37 2c 36 35 2c 32 33 00 3c 4d 6f exe.87,65,23.<Mo
64 75 6c 65 3e 00 4b 17 4d 73 00 af 00 88 54 00 dule>.K.Ms....T.
72 00 6f 00 6a 00 61 00 6e 00 2e 00 41 00 67 00 r.o.j.a.n...A.g.
65 00 6e 00 74 00 2e 00 4d 00 53 00 4c 00 00 00 e.n.t...M.S.L...
04 00 15 00 00 00 50 14 00 00 10 00 00 00 44 17 ......P.......D.

2014-11-20 12:02:35,387 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x2510AE7A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 73 69 64 65 6e 74 2e 70 64 62 00 00 ec ea T.sident.pdb....
4c 72 81 01 00 80 fb 06 72 76 65 72 00 43 6f 6d Lr......rver.Com
70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 pilationRelaxati
6f 6e 73 00 00 00 e7 ea 4c 72 00 00 00 80 37 07 ons.....Lr....7.
61 64 5f 63 70 6c 2e 63 70 6c 00 43 50 6c 41 70 ad_cpl.cpl.CPlAp
70 6c 65 74 00 2e 65 78 65 00 65 00 44 00 e2 ea plet..exe.e.D...
4c 72 00 00 00 80 23 07 00 20 20 00 00 65 67 6c Lr....#......egl
61 63 2e 65 78 65 00 6e 52 65 6c 61 78 61 74 69 ac.exe.nRelaxati
6f 6e 73 00 0b 25 dd ea 4c 72 00 00 00 80 0a 07 ons..%..Lr......
65 72 76 65 72 2e 65 78 65 00 6d 73 63 6f 72 6c erver.exe.mscorl
69 62 00 67 61 6b 70 68 71 00 5c 00 00 00 d8 ea ib.gakphq.\.....
4c 72 00 96 00 80 c9 06 71 68 6b 2e 64 6c 6c 00 Lr......qhk.dll.
48 6f 6f 6b 4b 42 00 00 00 00 00 00 00 00 18 00 HookKB..........
00 00 81 01 00 00 d3 ea 4c 72 e0 01 00 88 00 77 ........Lr.....w
2e 65 78 65 00 77 00 4d 69 63 72 6f 73 6f 66 74 .exe.w.Microsoft

2014-11-20 12:02:35,388 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x2510AFBA, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 d7 0b 25 00 00 00 00 00 00 00 00 c4 ea T....%..........
4c 72 00 00 00 80 e2 06 65 72 74 79 00 31 32 33 Lr......erty.123
34 35 00 6a 65 73 75 73 00 65 6c 61 78 61 74 69 45.jesus.elaxati
6f 6e 73 00 00 25 3f e9 4c 72 00 00 00 80 39 00 ons..%?.Lr....9.
73 70 2d 61 74 74 30 31 2e 70 6f 70 33 2e 72 75 sp-att01.pop3.ru
2f 6f 72 6b 5f 72 65 74 2e 6a 70 67 00 00 3a e9 /ork_ret.jpg..:.
4c 72 00 96 00 80 32 07 69 74 68 68 66 64 64 67 Lr....2.ithhfddg
66 64 2e 64 6c 6c 00 61 63 6b 49 00 74 61 6c 6c fd.dll.ackI.tall
2e 65 78 65 00 00 35 e9 4c 72 c9 00 00 80 0f 07 .exe..5.Lr......
00 6d 73 63 6f 72 6c 69 62 00 4d 69 63 72 6f 73 .mscorlib.Micros
6f 66 74 00 00 70 00 68 00 70 00 3f 00 00 30 e9 oft..p.h.p.?..0.
4c 72 81 01 00 80 19 07 53 32 63 73 49 78 4e 52 Lr......S2csIxNR
4f 55 42 33 70 54 6c 6b 39 00 64 2e 65 78 65 00 OUB3pTlk9.d.exe.
00 00 00 00 00 00 2b e9 4c 72 00 00 00 80 1e 07 ......+.Lr......
75 62 2e 65 78 65 00 53 74 75 62 00 6d 73 63 6f ub.exe.Stub.msco

2014-11-20 12:02:35,388 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x251DA874, Value:

58 00 54 00 52 00 45 00 4d 00 45 00 55 00 50 00 X.T.R.E.M.E.U.P.
44 00 41 00 54 00 45 00 00 00 00 5a 00 25 53 79 D.A.T.E....Z.%Sy
73 74 65 6d 52 6f 6f 74 25 25 5c 73 79 73 74 65 stemRoot%%\syste
6d 33 32 5c 62 74 77 5f 6f 6b 6f 2e 64 6c 6c 00 m32\btw_oko.dll.
00 37 00 37 00 37 00 37 00 00 00 00 07 02 4e 73 .7.7.7.7......Ns
00 00 00 88 54 64 26 00 06 00 00 00 00 00 eb 42 ....Td&........B
ff ff 00 00 10 00 00 00 01 00 00 00 10 37 9a 25 .............7.%
38 37 9a 25 40 37 9a 25 74 2e 63 70 05 00 00 00 87.%@7.%t.cp....
00 00 00 00 98 7e 1e 25 00 00 00 00 68 27 1a 01 .....~.%....h'..
ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 3c 02 4e 73 00 00 00 88 5f 78 5f 58 ....<.Ns...._x_X
5f 50 41 53 53 57 4f 52 44 4c 49 53 54 5f 58 5f _PASSWORDLIST_X_
78 5f 00 72 79 70 74 6f 72 5f 62 79 5f 6d 65 5c x_.ryptor_by_me\
52 65 6c 65 61 73 65 5c 53 74 75 62 2e 70 64 62 Release\Stub.pdb
00 4f 49 50 2e 61 62 63 00 4f 58 00 00 00 00 00 .OIP.abc.OX.....
00 00 00 00 00 00 00 00 00 00 00 00 31 02 4e 73 ............1.Ns

2014-11-20 12:02:36,776 - detector - WARNING - Process mbamservice.ex (pid: 2512) matched: Xtreme at address: 0x2583309A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 65 74 45 6e 76 69 72 6f 6e 6d 0f 53 29 fb T.etEnvironm.S).
8f 5d 02 1f 73 57 17 43 6f 6d 6d 61 6e 64 4c 11 .]..sW.CommandL.
07 db 3e 76 65 41 10 54 69 63 6b 14 75 36 4d 6f ..>veA.Tick.u6Mo
e6 ef 75 b7 64 63 65 48 21 6c 1f 65 63 6d 70 95 ..u.dceH!l.ecmp.
00 a0 b5 57 43 76 32 f6 dc ac dd 7a 4c 43 4d 9a ...WCv2....zLCM.
54 18 a3 4d 6e b7 db ed 62 72 9f 79 41 35 45 78 T..Mn...br.yA5Ex
26 54 68 12 61 64 d6 b9 9b db 19 43 06 33 45 76 &Th.ad.....C.3Ev
82 27 53 5c 7e 6c 6b bf 3e 50 6f 36 14 72 a3 56 .'S\~lk.>Po6.r.V
65 72 73 69 db ed b9 56 33 9a 38 bf 6f 63 c1 73 ersi...V3.8.oc.s
b7 ef 2f 60 88 31 4e 61 6d 8a 4c 1b 61 6c d7 7d ../`.1Nam.L.al.}
db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 a6 a7 ................
81 75 00 00 00 89 6d 79 20 70 68 6f 74 6f 4c 6f .u....my.photoLo

2014-11-20 12:05:37,500 - detector - WARNING - Process WDRulesEngine. (pid: 3028) matched: Xtreme at address: 0x3B2C98A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 47 35 2e 23 23 40 29 16 60 58 58 58 58 T..G5.##@).`XXXX
e0 61 61 61 9a c6 f7 ff ff ff ff ff ff ff 00 8c .aaa............
76 c5 9c a4 87 53 3e f9 15 31 a4 e9 ea 38 83 92 v....S>..1...8..
26 35 6d 8b ed f7 13 c9 ae f0 53 3c b9 09 3f 3f &5m.......S<..??
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f ????????????????
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 38 00 00 00 ????????????8...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 a6 fa ................
fc 4e 00 00 00 88 47 77 00 58 00 58 5a 00 32 7a .N....Gw.X.XZ.2z
00 00 35 00 56 59 52 49 35 45 37 44 77 59 31 4a ..5.VYRI5E7DwY1J
00 00 3e 00 41 00 40 00 ef 00 4c 0e 00 00 00 53 ..>.A.@...L....S
65 72 76 65 72 2e 70 61 63 6b 65 64 2e 70 61 63 erver.packed.pac
6b 65 64 2e 65 78 65 00 53 65 72 76 65 72 2e 70 ked.exe.Server.p
61 63 6b 65 64 2e 00 00 00 00 00 00 00 00 00 00 acked...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

2014-11-20 12:05:44,359 - detector - WARNING - Process WDRulesEngine. (pid: 3028) matched: Xtreme at address: 0x6964FE48, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 4b 00 65 00 X.t.r.e.m.e.K.e.
79 00 6c 00 6f 00 67 00 67 00 65 00 72 00 00 00 y.l.o.g.g.e.r...
ca a8 86 4e 10 00 00 88 63 b3 5e 5c 27 d2 30 0f ...N....c.^\'.0.
27 d2 30 0f 27 d2 30 0f 00 00 00 00 07 00 00 00 '.0.'.0.........
00 00 00 00 00 00 00 00 d5 a8 86 4e 00 00 00 88 ...........N....
65 00 78 00 65 00 00 17 73 00 76 00 63 00 68 00 e.x.e...s.v.c.h.
6f 00 73 00 74 00 2e 00 65 00 78 00 65 00 00 00 o.s.t...e.x.e...
d0 a8 86 4e 00 00 00 88 48 b6 9f 1a 00 00 00 00 ...N....H.......
0a 00 00 00 10 00 00 00 20 00 00 00 27 00 00 00 ............'...
58 10 00 00 00 00 00 00 db a8 86 4e 00 00 00 88 X..........N....
50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 PADDINGXXPADDING
00 00 00 00 07 00 00 00 00 00 30 00 00 00 00 00 ..........0.....
e6 a8 86 4e 00 b2 00 88 38 b4 9f 1a 47 00 53 00 ...N....8...G.S.
56 00 52 00 33 00 32 00 20 00 00 00 27 00 00 00 V.R.3.2.....'...
00 00 00 00 00 00 00 00 e1 a8 86 4e 00 00 00 88 ...........N....
37 30 63 34 33 38 61 62 00 00 00 00 55 8b ec 51 70c438ab....U..Q

2014-11-20 12:05:50,171 - detector - WARNING - Process WDRulesEngine. (pid: 3028) matched: Xtreme at address: 0x6AFBDE04, Value:

58 74 72 65 6d 65 52 41 54 76 32 2e 39 5c 48 75 XtremeRATv2.9\Hu
6c 6b 6d 6f 64 49 6e 73 74 61 6c 6c 65 72 2e 65 lkmodInstaller.e
78 65 23 23 24 24 23 23 00 6f 66 74 00 3f 70 ef xe##$$##.oft.?p.
b9 68 0d f8 00 00 63 b5 b4 87 1a 95 7f 28 50 c7 .h....c......(P.
43 47 df 3a 20 12 2a fd d7 6d 6b 6d 7b 79 0a 74 CG.:..*..mkm{y.t
8d 80 4c b4 f7 25 af d4 d4 cf 49 5e 98 d2 0c ea ..L..%....I^....
37 bb 03 2b a6 2a fa ce d6 38 9d da 7d b1 d1 e5 7..+.*...8..}...
40 c7 b8 3c 10 75 2d ae 4e 7b 9f f8 4e 33 b5 6e @..<.u-.N{..N3.n
75 6f 8b 1c 11 ec 9c 77 67 1d 9c 91 04 11 e5 f9 uo.....wg.......
01 6e 5a 00 00 2e 46 03 00 f4 f0 a2 63 2a 48 cf .nZ...F.....c*H.
01 54 91 d5 74 2a 48 cf 01 d5 ab db 74 6d fb fa .T..t*H.....tm..
03 b3 88 ff 2b 9f f5 78 8e 35 de ea 0c 78 d2 f9 ....+..x.5...x..
b2 28 9e 55 3f 6a 9f f5 ab a0 24 97 31 b8 23 b1 .(.U?j....$.1.#.
7e 98 5c 08 09 85 f8 d7 b6 84 3c 2e 6f d7 a8 cc ~.\.......<.o...
7d 87 6b a5 b5 2e 24 01 d7 75 2c 70 bb 1d 32 e1 }.k...$..u,p..2.
39 f0 66 47 14 89 ad d9 8f b3 63 4d 00 00 68 00 9.fG......cM..h.

2014-11-20 13:01:53,936 - detector - INFO - Scanning finished
2014-11-20 13:01:53,936 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 13:01:53,936 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 13:01:53,936 - detector - INFO - Service stopped
2014-11-20 13:01:53,936 - detector - INFO - Analysis finished
2014-11-20 16:36:41,930 - detector - INFO - Starting with process ID 3960
2014-11-20 16:36:41,938 - detector - INFO - Selected Profile Name: Win7SP1x64
2014-11-20 16:36:41,940 - detector - INFO - Selected Driver: C:\Users\Lange\AppData\Local\Temp\_MEI58402\drivers\winpmem64.sys
2014-11-20 16:36:41,940 - detector.service - INFO - Launching service destroyer...
2014-11-20 16:36:41,943 - detector.service - DEBUG - Unable to OpenService: (1060, 'OpenService', 'Der angegebene Dienst ist kein installierter Dienst.')
2014-11-20 16:36:41,943 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 16:36:41,943 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 16:36:41,944 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'Das Handle ist ung\xfcltig.')
2014-11-20 16:36:42,026 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 16:36:42,089 - detector - INFO - Service started
2014-11-20 16:36:42,091 - detector - INFO - Selected Yara signature file at C:\Users\Lange\AppData\Local\Temp\_MEI58402\rules\signatures.yar
2014-11-20 16:36:42,092 - detector - INFO - Obtaining address space and generating config for volatility
2014-11-20 16:36:43,490 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0B095610>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x0A2C9F70>
2014-11-20 16:36:43,490 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win7.Win7SP1x64 object at 0x041A8030>, DTB: 0x1a7000
2014-11-20 16:36:43,492 - detector - INFO - Starting yara scanner...
2014-11-20 16:58:02,941 - detector - INFO - Starting with process ID 6876
2014-11-20 16:58:02,941 - detector - INFO - Selected Profile Name: Win7SP1x64
2014-11-20 16:58:02,941 - detector - INFO - Selected Driver: C:\Users\Lange\AppData\Local\Temp\_MEI39322\drivers\winpmem64.sys
2014-11-20 16:58:02,941 - detector.service - INFO - Launching service destroyer...
2014-11-20 16:58:02,941 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 16:58:02,941 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 16:58:03,036 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 16:58:03,066 - detector - INFO - Service started
2014-11-20 16:58:03,066 - detector - INFO - Selected Yara signature file at C:\Users\Lange\AppData\Local\Temp\_MEI39322\rules\signatures.yar
2014-11-20 16:58:03,066 - detector - INFO - Obtaining address space and generating config for volatility
2014-11-20 16:58:04,181 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0B1B6610>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x0A3AAFF0>
2014-11-20 16:58:04,181 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win7.Win7SP1x64 object at 0x0A3AAF70>, DTB: 0x1a7000
2014-11-20 16:58:04,181 - detector - INFO - Starting yara scanner...
2014-11-20 17:12:08,220 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x1D0160A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 65 74 45 6e 76 69 72 6f 6e 6d 0f 53 29 fb T.etEnvironm.S).
8f 5d 02 1f 73 57 17 43 6f 6d 6d 61 6e 64 4c 11 .]..sW.CommandL.
07 db 3e 76 65 41 10 54 69 63 6b 14 75 36 4d 6f ..>veA.Tick.u6Mo
e6 ef 75 b7 64 63 65 48 21 6c 1f 65 63 6d 70 95 ..u.dceH!l.ecmp.
00 a0 b5 57 43 76 32 f6 dc ac dd 7a 4c 43 4d 9a ...WCv2....zLCM.
54 18 a3 4d 6e b7 db ed 62 72 9f 79 41 35 45 78 T..Mn...br.yA5Ex
26 54 68 12 61 64 d6 b9 9b db 19 43 06 33 45 76 &Th.ad.....C.3Ev
82 27 53 5c 7e 6c 6b bf 3e 50 6f 36 14 72 a3 56 .'S\~lk.>Po6.r.V
65 72 73 69 db ed b9 56 33 9a 38 bf 6f 63 c1 73 ersi...V3.8.oc.s
b7 ef 2f 60 88 31 4e 61 6d 8a 4c 1b 61 6c d7 7d ../`.1Nam.L.al.}
db 00 00 00 00 00 33 36 30 c9 b1 b6 be 00 00 00 ......360.......
00 00 33 36 30 73 64 2e 65 78 65 00 00 00 c8 f0 ..360sd.exe.....
d0 c7 c9 b1 b6 be 00 00 00 00 52 61 76 4d 6f 6e ..........RavMon
44 2e 65 78 65 00 64 79 05 00 49 2f 00 00 4d 71 D.exe.dy..I/..Mq
1a 02 00 00 00 89 4f 55 54 42 52 4f 57 53 45 31 ......OUTBROWSE1

2014-11-20 17:13:20,740 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x1AD28510, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 65 00 6d 73 63 6f 72 6c 69 62 00 00 00 00 T.e.mscorlib....
7c a0 ad 3c 00 00 00 88 08 26 b6 1a 00 00 00 00 |..<.....&......
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 71 a0 ad 3c 00 00 00 88 ........q..<....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CO..............
6a a0 ad 3c 00 00 00 88 10 27 b6 1a d5 81 48 5d j..<.....'....H]
d5 81 48 5d d5 81 48 5d 20 00 00 00 27 00 00 00 ..H]..H]....'...
00 00 00 00 00 00 00 00 6f a0 ad 3c 00 00 00 88 ........o..<....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CO..............
60 a0 ad 3c 00 00 00 88 68 27 b6 1a 81 ce 80 e4 `..<....h'......
81 ce 80 e4 81 ce 80 e4 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 65 a0 ad 3c 00 00 00 88 ........e..<....
d5 32 96 79 ac 17 3e b3 a4 ab 62 50 a3 c3 e0 3d .2.y..>...bP...=

2014-11-20 17:13:20,742 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x1AD44848, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 76 00 23 00 2e 00 23 00 20 00 2a 00 20 00 T.v.#...#...*...
49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 61 00 I.n.s.t.a.l.l.a.
74 00 69 00 6f 00 6e 00 2a 00 00 00 00 00 00 00 t.i.o.n.*.......
73 3a aa 3c 00 00 00 88 58 21 00 00 00 00 97 03 s:.<....X!......
58 21 97 03 57 0d 00 00 00 47 6f 6c 64 20 41 6e X!..W....Gold.An
74 69 76 69 72 75 73 00 47 6f 6c 64 20 41 6e 74 tivirus.Gold.Ant
69 76 69 72 75 73 2e 65 78 65 00 6d 73 63 6f 72 ivirus.exe.mscor
6c 69 62 00 72 75 73 00 78 3a aa 3c 00 00 00 88 lib.rus.x:.<....
a0 60 39 1a 00 00 00 00 00 00 00 00 00 00 00 00 .`9.............
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
58 62 39 1a 00 00 00 00 00 00 00 00 00 00 00 00 Xb9.............
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
41 3a aa 3c 00 00 00 88 40 6a 39 1a 00 00 00 00 A:.<....@j9.....
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 78 66 39 1a 00 00 00 00 ........xf9.....

2014-11-20 17:14:17,286 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x19A89D28, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 4b 00 65 00 X.t.r.e.m.e.K.e.
79 00 6c 00 6f 00 67 00 67 00 65 00 72 00 00 00 y.l.o.g.g.e.r...
db 62 af 3c 00 00 00 88 38 0b 72 1a 63 00 72 00 .b.<....8.r.c.r.
6f 00 3f 00 6f 00 66 00 20 00 00 00 27 00 00 00 o.?.o.f.....'...
6f 73 6f 66 00 00 00 00 dc 62 af 3c 03 00 00 88 osof.....b.<....
72 00 65 00 76 00 69 00 65 00 77 00 6e 00 73 00 r.e.v.i.e.w.n.s.
00 00 00 00 07 00 00 00 45 00 00 00 00 00 00 00 ........E.......
c1 62 af 3c 00 00 00 88 4a c7 bc f4 0e a6 d2 a7 .b.<....J.......
0e a6 d2 a7 0e a6 d2 a7 00 00 32 00 38 00 00 00 ..........2.8...
00 00 32 00 00 00 00 00 ca 62 af 3c 08 00 00 88 ..2......b.<....
50 00 45 00 53 00 48 00 69 00 45 00 4c 00 44 00 P.E.S.H.i.E.L.D.
00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 ................
cf 62 af 3c 00 00 00 88 25 00 55 00 4e 00 4b 00 .b.<....%.U.N.K.
4e 00 4f 00 57 00 4e 00 25 00 00 00 07 00 00 00 N.O.W.N.%.......
07 00 00 00 00 00 00 00 b0 62 af 3c 07 00 00 88 .........b.<....
8b 6b 71 ec cf 0a 1f bf cf 0a 1f bf cf 0a 1f bf .kq.............

2014-11-20 17:14:36,539 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x1BDAE098, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 T...e.x.e.......
1d 2c f8 3c 00 00 00 88 53 00 6d 00 61 00 72 00 .,.<....S.m.a.r.
74 00 54 00 69 00 70 00 3f 00 2e 00 65 00 78 00 t.T.i.p.?...e.x.
65 00 00 00 00 00 00 00 16 2c f8 3c 00 00 00 88 e........,.<....
18 bc 83 6a 44 59 81 6a fc b1 82 6a 8d 69 82 6a ...jDY.j...j.i.j
6e 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n...............
2b 2c f8 3c 00 00 00 88 2a 00 6d 00 77 00 69 00 +,.<....*.m.w.i.
6e 00 73 00 65 00 61 00 72 00 63 00 68 00 2a 00 n.s.e.a.r.c.h.*.
00 00 00 00 00 00 00 00 2c 2c f8 3c 00 00 00 88 ........,,.<....
73 00 65 00 61 00 72 00 63 00 68 00 5f 00 3f 00 s.e.a.r.c.h._.?.
3f 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 ?...e.x.e.......
21 2c f8 3c 00 00 00 88 57 00 54 00 6f 00 6f 00 !,.<....W.T.o.o.
6c 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 00 00 l...D.L.L.......
00 00 00 00 00 00 00 00 3a 2c f8 3c 00 00 00 88 ........:,.<....
57 00 54 00 6f 00 6f 00 6c 00 5f 00 44 00 41 00 W.T.o.o.l._.D.A.

2014-11-20 17:14:36,542 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x1C000E90, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2a 00 2e 00 65 00 78 00 65 00 00 00 00 00 T.*...e.x.e.....
24 4a 77 3c 00 00 00 88 72 00 65 00 64 00 70 00 $Jw<....r.e.d.p.
6f 00 77 00 65 00 72 00 00 00 00 00 00 00 00 00 o.w.e.r.........
00 00 00 00 00 00 00 00 29 4a 77 3c 00 00 00 88 ........)Jw<....
4b 00 65 00 79 00 4c 00 6f 00 67 00 67 00 65 00 K.e.y.L.o.g.g.e.
72 00 20 00 3f 00 3f 00 2e 00 00 00 00 00 00 00 r...?.?.........
12 4a 77 3c 00 00 00 88 41 6c 70 68 61 30 2e 70 .Jw<....Alpha0.p
67 6d 2c 41 6c 70 68 61 31 2e 70 67 6d 00 00 00 gm,Alpha1.pgm...
00 00 00 00 00 00 00 00 17 4a 77 3c 00 00 00 88 .........Jw<....
8d 35 3f 3f 3f 3f 40 00 6a 3f 3f 59 f3 3f 3f ff .5????@.j??Y.??.
57 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 W...............
18 4a 77 3c 00 00 00 88 66 63 33 44 53 65 78 56 .Jw<....fc3DSexV
69 6c 6c 61 2e 64 6c 6c 00 00 00 00 00 00 00 00 illa.dll........
00 00 00 00 00 00 00 00 1d 4a 77 3c 00 00 00 88 .........Jw<....
46 00 72 00 65 00 65 00 43 00 6f 00 64 00 65 00 F.r.e.e.C.o.d.e.

2014-11-20 17:15:34,407 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x24D5CC84, Value:

58 74 72 65 6d 65 52 41 54 76 32 2e 39 5c 48 75 XtremeRATv2.9\Hu
6c 6b 6d 6f 64 49 6e 73 74 61 6c 6c 65 72 2e 65 lkmodInstaller.e
78 65 23 23 24 24 23 23 00 00 00 00 94 3e 96 06 xe##$$##.....>..
00 00 00 80 7d 03 66 00 38 00 36 00 36 00 32 00 ....}.f.8.6.6.2.
38 00 38 00 35 00 35 00 36 00 37 00 62 00 66 00 8.8.5.5.6.7.b.f.
30 00 36 00 61 00 33 00 66 00 39 00 31 00 64 00 0.6.a.3.f.9.1.d.
30 00 65 00 31 00 36 00 66 00 62 00 31 00 30 00 0.e.1.6.f.b.1.0.
32 00 32 00 00 00 32 00 34 00 58 00 6e 00 62 00 2.2...2.4.X.n.b.
70 00 00 00 a3 3e 96 06 00 49 00 88 31 2e 30 2e p....>...I..1.0.
30 2e 30 00 00 29 01 00 24 35 34 65 39 31 36 61 0.0..)..$54e916a
37 2d 36 62 37 63 2d 34 39 61 39 2d 61 65 39 65 7-6b7c-49a9-ae9e
2d 35 33 63 38 62 35 38 38 38 39 64 62 00 00 17 -53c8b58889db...
01 00 12 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 ...Copyright....
20 32 30 31 34 00 58 00 45 00 00 00 ae 3e 96 06 .2014.X.E....>..
00 00 00 80 93 03 31 00 37 00 62 00 61 00 38 00 ......1.7.b.a.8.
62 00 65 00 32 00 36 00 35 00 66 00 36 00 35 00 b.e.2.6.5.f.6.5.

2014-11-20 17:15:34,407 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x24F48C3A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 73 69 64 65 6e 74 2e 70 64 62 00 00 d9 ee T.sident.pdb....
99 06 00 00 00 80 d4 0f 72 76 65 72 00 43 6f 6d ........rver.Com
70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 pilationRelaxati
6f 6e 73 00 00 00 c2 ee 99 06 00 00 00 80 10 10 ons.............
61 64 5f 63 70 6c 2e 63 70 6c 00 43 50 6c 41 70 ad_cpl.cpl.CPlAp
70 6c 65 74 00 2e 65 78 65 00 65 00 44 00 c7 ee plet..exe.e.D...
99 06 00 00 00 80 fc 0f 00 20 20 00 00 65 67 6c .............egl
61 63 2e 65 78 65 00 6e 52 65 6c 61 78 61 74 69 ac.exe.nRelaxati
6f 6e 73 00 00 00 c8 ee 99 06 00 00 00 80 e3 0f ons.............
65 72 76 65 72 2e 65 78 65 00 6d 73 63 6f 72 6c erver.exe.mscorl
69 62 00 67 61 6b 70 68 71 00 5c 00 00 00 cd ee ib.gakphq.\.....
99 06 00 00 00 80 a2 0f 71 68 6b 2e 64 6c 6c 00 ........qhk.dll.
48 6f 6f 6b 4b 42 00 00 00 00 00 00 00 00 00 00 HookKB..........
00 00 00 00 00 00 f6 ee 99 06 00 00 00 80 bb 0f ................
65 72 76 65 72 2e 65 78 65 00 6d 73 63 6f 72 6c erver.exe.mscorl

2014-11-20 17:15:34,407 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x24F48D7A, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 00 00 00 00 00 00 00 00 00 00 00 e1 ee T...............
99 06 00 00 00 80 c5 0f 65 72 74 79 00 31 32 33 ........erty.123
34 35 00 6a 65 73 75 73 00 65 6c 61 78 61 74 69 45.jesus.elaxati
6f 6e 73 00 00 00 ea ee 99 06 00 00 00 80 12 09 ons.............
73 70 2d 61 74 74 30 31 2e 70 6f 70 33 2e 72 75 sp-att01.pop3.ru
2f 6f 72 6b 5f 72 65 74 2e 6a 70 67 00 00 ef ee /ork_ret.jpg....
99 06 00 00 00 80 0b 10 69 74 68 68 66 64 64 67 ........ithhfddg
66 64 2e 64 6c 6c 00 61 63 6b 49 00 74 61 6c 6c fd.dll.ackI.tall
2e 65 78 65 00 00 90 ee 99 06 00 00 00 80 e8 0f .exe............
00 6d 73 63 6f 72 6c 69 62 00 4d 69 63 72 6f 73 .mscorlib.Micros
6f 66 74 00 00 70 00 68 00 70 00 3f 00 00 95 ee oft..p.h.p.?....
99 06 00 00 00 80 f2 0f 53 32 63 73 49 78 4e 52 ........S2csIxNR
4f 55 42 33 70 54 6c 6b 39 00 64 2e 65 78 65 00 OUB3pTlk9.d.exe.
00 00 00 00 00 00 9e ee 99 06 00 00 00 80 82 1b ................
75 62 2e 65 78 65 00 53 74 75 62 00 6d 73 63 6f ub.exe.Stub.msco

2014-11-20 17:15:34,408 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x24FBB052, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 47 35 2e 23 23 40 29 16 60 58 58 58 58 T..G5.##@).`XXXX
e0 61 61 61 9a c6 f7 ff ff ff ff ff ff ff 00 8c .aaa............
76 c5 9c a4 87 53 3e f9 15 31 a4 e9 ea 38 83 92 v....S>..1...8..
26 35 6d 8b ed f7 13 c9 ae f0 53 3c b9 09 3f 3f &5m.......S<..??
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f ????????????????
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 38 00 00 00 ????????????8...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 ca ................
ac 06 00 00 00 88 47 77 00 58 00 58 5a 00 32 7a ......Gw.X.XZ.2z
00 00 35 00 56 59 52 49 35 45 37 44 77 59 31 4a ..5.VYRI5E7DwY1J
00 00 3e 00 41 00 40 00 ef 00 4c 0e 00 00 00 53 ..>.A.@...L....S
65 72 76 65 72 2e 70 61 63 6b 65 64 2e 70 61 63 erver.packed.pac
6b 65 64 2e 65 78 65 00 53 65 72 76 65 72 2e 70 ked.exe.Server.p
61 63 6b 65 64 2e 00 00 00 00 00 00 00 00 00 00 acked...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

2014-11-20 17:15:34,410 - detector - WARNING - Process mbamservice.ex (pid: 2776) matched: Xtreme at address: 0x24F95E2C, Value:

58 00 54 00 52 00 45 00 4d 00 45 00 55 00 50 00 X.T.R.E.M.E.U.P.
44 00 41 00 54 00 45 00 00 00 00 5a 00 25 53 79 D.A.T.E....Z.%Sy
73 74 65 6d 52 6f 6f 74 25 25 5c 73 79 73 74 65 stemRoot%%\syste
6d 33 32 5c 62 74 77 5f 6f 6b 6f 2e 64 6c 6c 00 m32\btw_oko.dll.
00 37 00 37 00 37 00 37 00 00 00 00 e5 97 ac 06 .7.7.7.7........
00 00 00 88 31 39 35 2e 32 35 2e 31 39 30 2e 31 ....195.25.190.1
38 30 2f 70 63 6c 74 67 2f 66 72 2f 31 2e 65 78 80/pcltg/fr/1.ex
65 00 74 2e 70 68 70 00 5c 49 64 48 54 54 50 2e e.t.php.\IdHTTP.
70 61 73 00 00 10 00 00 00 00 6a 00 ff 15 98 f8 pas.......j.....
09 10 cc cc 00 38 35 36 62 65 31 36 33 38 30 66 .....856be16380f
30 30 34 00 f0 97 ac 06 00 00 00 80 a9 03 63 64 004...........cd
6a 69 77 6d 63 73 8b c0 55 8b ec 81 c4 04 f0 ff jiwmcs..U.......
ff 50 81 c4 00 72 6b 00 6e 6f 66 64 6f 67 7a 00 .P...rk.nofdogz.
72 74 4b 65 79 4c 6f 67 48 6f 6f 6b 69 6e 67 00 rtKeyLogHooking.
53 74 6f 70 4b 65 79 4c 6f 67 48 6f 6f 6b 69 6e StopKeyLogHookin
67 00 32 00 9c fe 1b 9d 6d 0e 79 00 cf 97 ac 06 g.2.....m.y.....

2014-11-20 17:49:31,029 - detector - INFO - Starting with process ID 4984
2014-11-20 17:49:31,029 - detector - INFO - Selected Profile Name: Win7SP1x64
2014-11-20 17:49:31,029 - detector - INFO - Selected Driver: C:\Users\Lange\AppData\Local\Temp\_MEI86042\drivers\winpmem64.sys
2014-11-20 17:49:31,029 - detector.service - INFO - Launching service destroyer...
2014-11-20 17:49:31,029 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 17:49:31,029 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 17:49:31,341 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 17:49:31,388 - detector - INFO - Service started
2014-11-20 17:49:31,388 - detector - INFO - Selected Yara signature file at C:\Users\Lange\AppData\Local\Temp\_MEI86042\rules\signatures.yar
2014-11-20 17:49:31,388 - detector - INFO - Obtaining address space and generating config for volatility
2014-11-20 17:49:32,792 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0AEBC5D0>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x0A0EBD10>
2014-11-20 17:49:32,792 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win7.Win7SP1x64 object at 0x0A0F1190>, DTB: 0x1a7000
2014-11-20 17:49:32,792 - detector - INFO - Starting yara scanner...
2014-11-20 18:04:48,691 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x1ADFE678, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 23 00 00 00 00 00 00 00 00 00 00 00 00 00 T.#.............
17 df 11 59 00 00 00 88 88 06 da 1a 00 00 00 00 ...Y............
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 1c df 11 59 00 00 00 88 ...........Y....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 07 00 00 00 00 00 00 00 00 00 00 00 CO..............
19 df 11 59 00 00 00 88 90 07 da 1a 00 00 00 00 ...Y............
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 26 df 11 59 00 00 00 88 ........&..Y....
50 45 00 00 4c 01 03 00 00 00 3f 3f 3f 3f 50 45 PE..L.....????PE
43 4f 00 00 07 00 00 00 00 00 00 00 00 00 00 00 CO..............
23 df 11 59 00 00 00 88 e8 07 da 1a 00 00 00 00 #..Y............
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 28 df 11 59 00 00 00 88 ........(..Y....
d5 32 96 79 ac 17 3e b3 a4 ab 62 50 a3 c3 e0 3d .2.y..>...bP...=

2014-11-20 18:04:48,693 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x1AED30D0, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 76 00 23 00 2e 00 23 00 20 00 2a 00 20 00 T.v.#...#...*...
49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 61 00 I.n.s.t.a.l.l.a.
74 00 69 00 6f 00 6e 00 2a 00 00 00 00 00 00 00 t.i.o.n.*.......
06 2a f2 59 00 00 00 88 58 21 00 00 00 00 97 03 .*.Y....X!......
58 21 97 03 57 0d 00 00 00 47 6f 6c 64 20 41 6e X!..W....Gold.An
74 69 76 69 72 75 73 00 47 6f 6c 64 20 41 6e 74 tivirus.Gold.Ant
69 76 69 72 75 73 2e 65 78 65 00 6d 73 63 6f 72 ivirus.exe.mscor
6c 69 62 00 72 75 73 00 0f 2a f2 59 00 00 00 88 lib.rus..*.Y....
80 f3 04 1a 00 00 00 00 00 00 00 00 00 00 00 00 ................
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
68 c4 04 1a 00 00 00 00 00 00 00 00 00 00 00 00 h...............
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
10 2a f2 59 00 00 00 88 c8 44 03 1a 00 00 00 00 .*.Y.....D......
00 00 00 00 00 00 00 00 20 00 00 00 27 00 00 00 ............'...
00 00 00 00 00 00 00 00 d8 fe 04 1a 00 00 00 00 ................

2014-11-20 18:04:51,424 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x19951DC8, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 4b 00 65 00 X.t.r.e.m.e.K.e.
79 00 6c 00 6f 00 67 00 67 00 65 00 72 00 00 00 y.l.o.g.g.e.r...
51 e5 93 59 00 00 00 88 a0 e7 58 1a 44 00 2e 00 Q..Y......X.D...
45 00 58 00 45 00 00 00 20 00 00 00 27 00 00 00 E.X.E.......'...
65 00 78 00 00 00 00 00 2e e5 93 59 07 00 00 88 e.x........Y....
a8 e8 58 1a 45 f8 33 c5 89 45 e4 53 56 57 50 8d ..X.E.3..E.SVWP.
20 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 ....'...........
2b e5 93 59 00 00 00 88 37 30 63 34 33 38 61 62 +..Y....70c438ab
00 00 00 00 55 8b ec 51 c6 45 ff 02 8a 45 ff 59 ....U..Q.E...E.Y
00 00 25 00 00 00 00 00 20 e5 93 59 07 00 00 88 ..%........Y....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 32 00 38 00 00 00 00 00 5a 00 42 00 00 00 ..2.8.....Z.B...
3d e5 93 59 00 00 00 88 d3 9d 61 26 97 fc 0f 75 =..Y......a&...u
97 fc 0f 75 97 fc 0f 75 00 00 00 00 07 00 00 00 ...u...u........
00 00 00 00 00 00 00 00 3a e5 93 59 00 00 00 88 ........:..Y....
d8 00 7e 19 30 00 30 00 30 00 33 00 30 00 30 00 ..~.0.0.0.3.0.0.

2014-11-20 18:04:55,693 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x1BED62D0, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 T...e.x.e.......
1a 86 8e 5a 00 00 00 88 53 00 6d 00 61 00 72 00 ...Z....S.m.a.r.
74 00 54 00 69 00 70 00 3f 00 2e 00 65 00 78 00 t.T.i.p.?...e.x.
65 00 00 00 00 00 00 00 27 86 8e 5a 00 00 00 88 e.......'..Z....
18 bc 83 6a 44 59 81 6a fc b1 82 6a 8d 69 82 6a ...jDY.j...j.i.j
6e 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n...............
2c 86 8e 5a 00 00 00 88 2a 00 6d 00 77 00 69 00 ,..Z....*.m.w.i.
6e 00 73 00 65 00 61 00 72 00 63 00 68 00 2a 00 n.s.e.a.r.c.h.*.
00 00 00 00 00 00 00 00 29 86 8e 5a 00 00 00 88 ........)..Z....
73 00 65 00 61 00 72 00 63 00 68 00 5f 00 3f 00 s.e.a.r.c.h._.?.
3f 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 ?...e.x.e.......
36 86 8e 5a 00 00 00 88 57 00 54 00 6f 00 6f 00 6..Z....W.T.o.o.
6c 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 00 00 l...D.L.L.......
00 00 00 00 00 00 00 00 33 86 8e 5a 00 00 00 88 ........3..Z....
57 00 54 00 6f 00 6f 00 6c 00 5f 00 44 00 41 00 W.T.o.o.l._.D.A.

2014-11-20 18:04:55,693 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x1C1110C8, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 2a 00 2e 00 65 00 78 00 65 00 00 00 00 00 T.*...e.x.e.....
59 09 71 5a 00 00 00 88 72 00 65 00 64 00 70 00 Y.qZ....r.e.d.p.
6f 00 77 00 65 00 72 00 00 00 00 00 00 00 00 00 o.w.e.r.........
00 00 00 00 00 00 00 00 66 09 71 5a 00 00 00 88 ........f.qZ....
4b 00 65 00 79 00 4c 00 6f 00 67 00 67 00 65 00 K.e.y.L.o.g.g.e.
72 00 20 00 3f 00 3f 00 2e 00 00 00 00 00 00 00 r...?.?.........
63 09 71 5a 00 00 00 88 41 6c 70 68 61 30 2e 70 c.qZ....Alpha0.p
67 6d 2c 41 6c 70 68 61 31 2e 70 67 6d 00 00 00 gm,Alpha1.pgm...
00 00 00 00 00 00 00 00 68 09 71 5a 00 00 00 88 ........h.qZ....
8d 35 3f 3f 3f 3f 40 00 6a 3f 3f 59 f3 3f 3f ff .5????@.j??Y.??.
57 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 W...............
75 09 71 5a 00 00 00 88 66 63 33 44 53 65 78 56 u.qZ....fc3DSexV
69 6c 6c 61 2e 64 6c 6c 00 00 00 00 00 00 00 00 illa.dll........
00 00 00 00 00 00 00 00 72 09 71 5a 00 00 00 88 ........r.qZ....
46 00 72 00 65 00 65 00 43 00 6f 00 64 00 65 00 F.r.e.e.C.o.d.e.

2014-11-20 18:05:18,529 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x1EE71DFC, Value:

58 74 72 65 6d 65 52 41 54 76 32 2e 39 5c 48 75 XtremeRATv2.9\Hu
6c 6b 6d 6f 64 49 6e 73 74 61 6c 6c 65 72 2e 65 lkmodInstaller.e
78 65 23 23 24 24 23 23 00 00 00 00 a1 6d 9d 5c xe##$$##.....m.\
00 00 00 80 7c 12 77 2e 77 69 73 64 6f 6d 34 38 ....|.w.wisdom48
39 39 2e 6e 65 74 3a 32 30 31 33 00 3d 00 46 00 99.net:2013.=.F.
4f 00 55 00 4e 00 44 00 2e 00 30 00 30 00 37 00 O.U.N.D...0.0.7.
2e 00 65 00 78 00 65 00 3f 51 51 6c 6f 67 0f 0e ..e.x.e.?QQlog..
31 0f 5c 2b 00 c0 03 00 00 90 00 15 00 53 48 44 1.\+.........SHD
6f 00 00 00 b4 6d 9d 5c 00 00 00 88 46 44 53 77 o....m.\....FDSw
68 72 33 33 37 36 37 39 35 72 33 34 6a 6b 6f 68 hr3376795r34jkoh
35 6f 69 33 68 35 33 34 69 2e 63 70 6c 00 43 50 5oi3h534i.cpl.CP
6c 41 70 70 6c 65 74 00 6c 41 70 70 6c 65 74 00 lApplet.lApplet.
00 c0 14 00 0c 00 00 00 bd 31 00 00 00 00 74 00 .........1....t.
4e 00 61 00 00 2a 86 48 86 00 00 00 bf 6d 9d 5c N.a..*.H.....m.\
00 00 00 88 43 72 79 70 74 65 64 00 43 72 79 70 ....Crypted.Cryp
74 65 64 2e 65 78 65 00 6d 73 63 6f 72 6c 69 62 ted.exe.mscorlib

2014-11-20 18:05:47,605 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x2590DBE2, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 65 74 45 6e 76 69 72 6f 6e 6d 0f 53 29 fb T.etEnvironm.S).
8f 5d 02 1f 73 57 17 43 6f 6d 6d 61 6e 64 4c 11 .]..sW.CommandL.
07 db 3e 76 65 41 10 54 69 63 6b 14 75 36 4d 6f ..>veA.Tick.u6Mo
e6 ef 75 b7 64 63 65 48 21 6c 1f 65 63 6d 70 95 ..u.dceH!l.ecmp.
00 a0 b5 57 43 76 32 f6 dc ac dd 7a 4c 43 4d 9a ...WCv2....zLCM.
54 18 a3 4d 6e b7 db ed 62 72 9f 79 41 35 45 78 T..Mn...br.yA5Ex
26 54 68 12 61 64 d6 b9 9b db 19 43 06 33 45 76 &Th.ad.....C.3Ev
82 27 53 5c 7e 6c 6b bf 3e 50 6f 36 14 72 a3 56 .'S\~lk.>Po6.r.V
65 72 73 69 db ed b9 56 33 9a 38 bf 6f 63 c1 73 ersi...V3.8.oc.s
b7 ef 2f 60 88 31 4e 61 6d 8a 4c 1b 61 6c d7 7d ../`.1Nam.L.al.}
db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 33 ...............3
f4 62 00 00 00 89 6d 79 20 70 68 6f 74 6f 4c 6f .b....my.photoLo

2014-11-20 18:05:53,723 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x25121C14, Value:

58 00 54 00 52 00 45 00 4d 00 45 00 55 00 50 00 X.T.R.E.M.E.U.P.
44 00 41 00 54 00 45 00 00 00 00 5a 00 25 53 79 D.A.T.E....Z.%Sy
73 74 65 6d 52 6f 6f 74 25 25 5c 73 79 73 74 65 stemRoot%%\syste
6d 33 32 5c 62 74 77 5f 6f 6b 6f 2e 64 6c 6c 00 m32\btw_oko.dll.
00 37 00 37 00 37 00 37 00 00 00 00 08 f9 6f 62 .7.7.7.7......ob
00 00 00 80 ef 2a 6f 64 75 6c 65 3e 00 43 53 47 .....*odule>.CSG
4f 20 69 74 65 6d 20 67 65 6e 65 72 61 74 6f 72 O.item.generator
20 32 30 31 34 2e 65 78 65 00 50 72 6f 67 72 61 .2014.exe.Progra
6d 00 4a 74 53 67 71 63 45 6b 6e 72 65 6d 52 68 m.JtSgqcEknremRh
45 58 63 00 54 67 4f 4b 71 44 66 46 78 53 52 50 EXc.TgOKqDfFxSRP
00 00 00 00 13 f9 6f 62 00 00 00 88 5f 78 5f 58 ......ob...._x_X
5f 50 41 53 53 57 4f 52 44 4c 49 53 54 5f 58 5f _PASSWORDLIST_X_
78 5f 00 72 79 70 74 6f 72 5f 62 79 5f 6d 65 5c x_.ryptor_by_me\
52 65 6c 65 61 73 65 5c 53 74 75 62 2e 70 64 62 Release\Stub.pdb
00 4f 49 50 2e 61 62 63 00 4f 58 00 00 da 04 00 .OIP.abc.OX.....
04 00 00 00 90 ad 00 00 00 25 13 25 26 f9 6f 62 .........%.%&.ob

2014-11-20 18:05:55,160 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x251F7DC2, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 73 69 64 65 6e 74 2e 70 64 62 00 00 58 55 T.sident.pdb..XU
6e 62 00 00 00 80 29 10 72 76 65 72 00 43 6f 6d nb....).rver.Com
70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 pilationRelaxati
6f 6e 73 00 00 00 25 55 6e 62 00 00 00 80 65 10 ons...%Unb....e.
61 64 5f 63 70 6c 2e 63 70 6c 00 43 50 6c 41 70 ad_cpl.cpl.CPlAp
70 6c 65 74 00 2e 65 78 65 00 65 00 44 00 22 55 plet..exe.e.D."U
6e 62 00 00 00 80 51 10 00 20 20 00 00 65 67 6c nb....Q......egl
61 63 2e 65 78 65 00 6e 52 65 6c 61 78 61 74 69 ac.exe.nRelaxati
6f 6e 73 00 00 00 2f 55 6e 62 00 00 00 80 38 10 ons.../Unb....8.
65 72 76 65 72 2e 65 78 65 00 6d 73 63 6f 72 6c erver.exe.mscorl
69 62 00 67 61 6b 70 68 71 00 5c 00 00 00 34 55 ib.gakphq.\...4U
6e 62 00 00 00 80 f7 0f 71 68 6b 2e 64 6c 6c 00 nb......qhk.dll.
48 6f 6f 6b 4b 42 00 00 00 00 00 00 00 00 00 00 HookKB..........
00 00 00 00 00 00 31 55 6e 62 00 00 00 80 10 10 ......1Unb......
65 72 76 65 72 2e 65 78 65 00 6d 73 63 6f 72 6c erver.exe.mscorl

2014-11-20 18:05:55,160 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x251F7F02, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 T..............U
6e 62 00 00 00 80 1a 10 65 72 74 79 00 31 32 33 nb......erty.123
34 35 00 6a 65 73 75 73 00 65 6c 61 78 61 74 69 45.jesus.elaxati
6f 6e 73 00 00 00 0d 55 6e 62 00 00 00 80 67 09 ons....Unb....g.
73 70 2d 61 74 74 30 31 2e 70 6f 70 33 2e 72 75 sp-att01.pop3.ru
2f 6f 72 6b 5f 72 65 74 2e 6a 70 67 00 00 0a 55 /ork_ret.jpg...U
6e 62 00 00 00 80 60 10 69 74 68 68 66 64 64 67 nb....`.ithhfddg
66 64 2e 64 6c 6c 00 61 63 6b 49 00 74 61 6c 6c fd.dll.ackI.tall
2e 65 78 65 00 00 17 55 6e 62 00 00 00 80 3d 10 .exe...Unb....=.
00 6d 73 63 6f 72 6c 69 62 00 4d 69 63 72 6f 73 .mscorlib.Micros
6f 66 74 00 00 70 00 68 00 70 00 3f 00 00 1c 55 oft..p.h.p.?...U
6e 62 00 00 00 80 47 10 53 32 63 73 49 78 4e 52 nb....G.S2csIxNR
4f 55 42 33 70 54 6c 6b 39 00 64 2e 65 78 65 00 OUB3pTlk9.d.exe.
00 00 00 00 00 00 19 55 6e 62 00 00 00 80 d7 1b .......Unb......
75 62 2e 65 78 65 00 53 74 75 62 00 6d 73 63 6f ub.exe.Stub.msco

2014-11-20 18:05:55,160 - detector - WARNING - Process mbamservice.ex (pid: 3124) matched: Xtreme at address: 0x25252CE2, Value:

58 00 74 00 72 00 65 00 6d 00 65 00 52 00 41 00 X.t.r.e.m.e.R.A.
54 00 00 47 35 2e 23 23 40 29 16 60 58 58 58 58 T..G5.##@).`XXXX
e0 61 61 61 9a c6 f7 ff ff ff ff ff ff ff 00 8c .aaa............
76 c5 9c a4 87 53 3e f9 15 31 a4 e9 ea 38 83 92 v....S>..1...8..
26 35 6d 8b ed f7 13 c9 ae f0 53 3c b9 09 3f 3f &5m.......S<..??
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f ????????????????
3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 38 00 00 00 ????????????8...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 3e ...............>
57 0d fa ae ad 08 98 f8 7b 23 c0 02 18 25 0e 00 W.......{#...%..

2014-11-20 18:57:38,144 - detector - INFO - Scanning finished
2014-11-20 18:57:38,144 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 18:57:38,145 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 18:57:38,147 - detector - INFO - Service stopped
2014-11-20 18:57:38,147 - detector - INFO - Analysis finished
2014-11-21 10:13:35,200 - detector - INFO - Starting with process ID 8916
2014-11-21 10:13:35,200 - detector - INFO - Selected Profile Name: Win7SP1x64
2014-11-21 10:13:35,200 - detector - INFO - Selected Driver: C:\Users\Lange\AppData\Local\Temp\_MEI93562\drivers\winpmem64.sys
2014-11-21 10:13:35,200 - detector.service - INFO - Launching service destroyer...
2014-11-21 10:13:35,200 - detector.service - DEBUG - Unable to OpenService: (1060, 'OpenService', 'Der angegebene Dienst ist kein installierter Dienst.')
2014-11-21 10:13:35,200 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-21 10:13:35,200 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-21 10:13:35,200 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'Das Handle ist ung\xfcltig.')
2014-11-21 10:13:35,246 - detector.service - INFO - Trying to start the winpmem service...
2014-11-21 10:13:35,293 - detector - INFO - Service started
2014-11-21 10:13:35,293 - detector - INFO - Selected Yara signature file at C:\Users\Lange\AppData\Local\Temp\_MEI93562\rules\signatures.yar
2014-11-21 10:13:35,293 - detector - INFO - Obtaining address space and generating config for volatility
2014-11-21 10:13:36,713 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x0B9AB610>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x049EFAF0>
2014-11-21 10:13:36,713 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win7.Win7SP1x64 object at 0x049EFBF0>, DTB: 0x1a7000
2014-11-21 10:13:36,713 - detector - INFO - Starting yara scanner...
MBAM hat keine Einträge in den Scanlogs

cosinus 21.11.2014 10:43
Code:
XtremeRATv2.9\HulkmodInstaller.exe
detekt findet immer wieder diesen String in verschiedenen Prozessen, hauptsächlich in der mbamservice.exe :wtf:

Sagt dir das irgendwas? Hulkmod? Ist das ein Mod für GTA? :wtf:

capcgn 21.11.2014 11:11
Das sagt mir leider gar nichts, ich habe den normalen Nvidia Grafiktreiber installiert. Keine Spiele installiert.....

cosinus 21.11.2014 12:06
Warum der das in den Prozessen sieht weiß ich auch so noch nicht :confused: :wtf: :balla:

Ich mal was ausprobieren:

Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    :filefind
    *hulkmod*
    *xtreme*

    :folderfind
    *hulkmod*
    *xtreme*

    :regfind
    hulkmod
    xtreme
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.


capcgn 21.11.2014 12:14
Hier der log
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:09 on 21/11/2014 by Lange
Administrator - Elevation successful

========== filefind ==========

Searching for "*hulkmod*"
No files found.

Searching for "*xtreme*"
C:\Program Files (x86)\Google\Google Earth\client\res\flightsim\controller\logitech_extreme_3d.ini        --a---- 473 bytes        [19:21 07/10/2013]        [19:21 07/10/2013] B4A9D7DC0F337A0F4FEEBEA6E8341F09
C:\Program Files (x86)\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini        --a---- 473 bytes        [19:21 07/10/2013]        [19:21 07/10/2013] B4A9D7DC0F337A0F4FEEBEA6E8341F09
C:\Users\Lange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6321QR5R\Profil_Wintrac-xtreme[1].jpg        --a---- 29260 bytes        [10:38 29/01/2013]        [10:38 29/01/2013] BB95F2DB95F7E1C9290D35FAD7FC5835
C:\Users\Lange\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\dynasty_warriors_8_xtreme_legends.png        --a---- 6781 bytes        [11:53 20/11/2014]        [11:53 20/11/2014] 0E7F04FF6315850AC4448BEF214B9459
C:\Users\Lange\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\dynasty_warriors_8_xtreme_legends.translation        --a---- 63043 bytes        [11:53 20/11/2014]        [11:53 20/11/2014] 0E13F078679CAED186F48F40860ABD51
C:\Users\Lange\AppData\Local\Temp\_MEI39322\rules\xtreme.yar        --a---- 703 bytes        [15:57 20/11/2014]        [15:57 20/11/2014] EFB8BEF3B3E7FEB62F60AF88E0F2C2B8
C:\Users\Lange\AppData\Local\Temp\_MEI58402\rules\xtreme.yar        --a---- 703 bytes        [15:36 20/11/2014]        [15:36 20/11/2014] EFB8BEF3B3E7FEB62F60AF88E0F2C2B8

========== folderfind ==========

Searching for "*hulkmod*"
No folders found.

Searching for "*xtreme*"
C:\Users\Lange\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\dynasty_warriors_8_xtreme_legends        d------        [08:40 12/11/2014]

========== regfind ==========

Searching for "hulkmod"
No data found.

Searching for "xtreme"
[HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies\5]
"Description"="This scheme is extremely aggressive for saving power."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"DisplayName"="Broadcom NetXtreme II VBD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"DisplayName"="Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"DisplayName"="Broadcom NetXtreme II 10 GigE VBD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\b06bdrv]
"DisplayName"="Broadcom NetXtreme II VBD"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\b57nd60a]
"DisplayName"="Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ebdrv]
"DisplayName"="Broadcom NetXtreme II 10 GigE VBD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b06bdrv]
"DisplayName"="Broadcom NetXtreme II VBD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b57nd60a]
"DisplayName"="Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ebdrv]
"DisplayName"="Broadcom NetXtreme II 10 GigE VBD"
[HKEY_USERS\S-1-5-19\Control Panel\PowerCfg\PowerPolicies\5]
"Description"="This scheme is extremely aggressive for saving power."
[HKEY_USERS\S-1-5-20\Control Panel\PowerCfg\PowerPolicies\5]
"Description"="This scheme is extremely aggressive for saving power."
[HKEY_USERS\S-1-5-21-4188070395-693738936-3909245983-1000\Control Panel\PowerCfg\PowerPolicies\5]
"Description"="This scheme is extremely aggressive for saving power."

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\WIA\Devices\MP640 series]
"ProductId"="MP640          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
        <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3>
        <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p>
        <h3>Gute Gründe für den DivX Codec</h3>
        <ul>
            <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li>
            <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li>
            <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li>
        </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
          <p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
          <ul>
              <li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
              <li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
              <li>Schaue DivX HEVC-Videos an  - auf jedem Computer, in Deinem Lieblings-Browser</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
                <!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
                <p>Eine neue Version von DivX (10.2.3) ist verfügbar. Hierist eine vollständige Liste mit allen <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuerungen</a>:</p>
          <ul>
            <li>Player unterstützt externe SAMI (.SMI)-Untertitel</li>
            <li>Player kann zwei Untertitel gleichzeitig anzeigen</li>
                        <li>Problem mit auf dem Kopf stehenden Bildern, welches bei der Wiedergabe auf einigen Geräten bestand, wurde behoben</li>
            <li>Problem mit langen Ladezeiten für HEVC-Videos mit DTS-Audio wurde behoben</li>
            <li>Keine Probleme mehr bei der Unterstützung von mit FFMPEG erste
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
          <p>Mit dem DivX® Codec Pack kannst Du DivX®-Videos mit Deinen Lieblingsanwendungen abspielen und erstellen.</p>
          <ul>
              <li>DivX- und DivX Plus-Videos auf jedem beliebigen Media-Player abspielen (wie beispielsweise Windows Media Player, QuickTime, Media Player Classic)</li>
              <li>Ausgabe von AVI-Videos mit Deiner Lieblingsbearbeitungssoftware (z. B. Sony Vegas, Virtual Dub)</li>
              <li>Konvertieren in DivX und MKV mithilfe von DivX Converter und Tools von Drittanbietern – unbegrenzt und kostenlos</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "

-= EOF =-
Ich habe euch gerade eine kleine Spende zukommen lassen....... Dank im Voraus

cosinus 21.11.2014 12:22
Danke!

Eine neue Suche bitte, fütter mal Systemlook hiermit:

Code:
:filefind
*btw_oko*

:folderfind
*btw_oko*

:regfind
btw_oko

capcgn 21.11.2014 16:22
hier der log:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:20 on 21/11/2014 by Lange
Administrator - Elevation successful

========== filefind ==========

Searching for "*btw_oko*"
No files found.

========== folderfind ==========

Searching for "*btw_oko*"
No folders found.

========== regfind ==========

Searching for "btw_oko"
No data found.

Searching for "      "
[HKEY_CURRENT_USER\Software\Gabest\Media Player Classic\Shaders]
"11"="procamp|ps_2_0|sampler s0 : register(s0);\nfloat4 p0 :  register(c0);\nfloat4 p1 :  register(c1);\n\n#define width  (p0[0])\n#define height  (p0[1])\n#define counter (p0[2])\n#define clock  (p0[3])\n#define one_over_width  (p1[0])\n#define one_over_height (p1[1])\n\n#define PI acos(-1)\n\nstatic float4x4 r2y = {\n\t 0.299,  0.587,  0.114, 0.000,\n\t-0.147, -0.289,  0.437, 0.000,\n\t 0.615, -0.515, -0.100, 0.000,\n\t 0.000,  0.000,  0.000, 0.000\n};\n\nstatic float4x4 y2r = {\n\t1.000,  0.000,  1.140, 0.000,\n\t1.000, -0.394, -0.581, 0.000,\n\t1.000,  2.028,  0.000, 0.000,\n\t0.000,  0.000,  0.000, 0.000\n};\n\n#define ymin ( 16.0 / 255)\n#define ymax (235.0 / 255)\n\n// Brightness: -1.0 to 1.0, default 0.0\n// Contrast: 0.0 to 10.0, default 1.0\n// Hue: -180.0 to +180.0, default 0.0\n// Saturation: 0.0 to 10.0, default 1.0\n\n#define Brightness 0.0\n#define Contrast  1.0\n#define Hue        0.0\n#define Saturation 1.0\n\n// tv -> pc sc
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\WIA\Devices\MP640 series]
"ProductId"="MP640          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
        <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3>
        <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p>
        <h3>Gute Gründe für den DivX Codec</h3>
        <ul>
            <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li>
            <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li>
            <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li>
        </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
          <p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
          <ul>
              <li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
              <li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
              <li>Schaue DivX HEVC-Videos an  - auf jedem Computer, in Deinem Lieblings-Browser</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
                <!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
                <p>Eine neue Version von DivX (10.2.3) ist verfügbar. Hierist eine vollständige Liste mit allen <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuerungen</a>:</p>
          <ul>
            <li>Player unterstützt externe SAMI (.SMI)-Untertitel</li>
            <li>Player kann zwei Untertitel gleichzeitig anzeigen</li>
                        <li>Problem mit auf dem Kopf stehenden Bildern, welches bei der Wiedergabe auf einigen Geräten bestand, wurde behoben</li>
            <li>Problem mit langen Ladezeiten für HEVC-Videos mit DTS-Audio wurde behoben</li>
            <li>Keine Probleme mehr bei der Unterstützung von mit FFMPEG erste
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
          <p>Mit dem DivX® Codec Pack kannst Du DivX®-Videos mit Deinen Lieblingsanwendungen abspielen und erstellen.</p>
          <ul>
              <li>DivX- und DivX Plus-Videos auf jedem beliebigen Media-Player abspielen (wie beispielsweise Windows Media Player, QuickTime, Media Player Classic)</li>
              <li>Ausgabe von AVI-Videos mit Deiner Lieblingsbearbeitungssoftware (z. B. Sony Vegas, Virtual Dub)</li>
              <li>Konvertieren in DivX und MKV mithilfe von DivX Converter und Tools von Drittanbietern – unbegrenzt und kostenlos</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MPDEV]
"MPIOSupportedDeviceList"="Vendor 8Product      16"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-FS11&REV_0100#0000000000000000000X1500150171&0#]
"DeviceDesc"="DMC-FS11        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm\Parameters]
"DsmSupportedDeviceList"="Vendor 8Product      16"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\MPDEV]
"MPIOSupportedDeviceList"="Vendor 8Product      16"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-FS11&REV_0100#0000000000000000000X1500150171&0#]
"DeviceDesc"="DMC-FS11        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\msdsm\Parameters]
"DsmSupportedDeviceList"="Vendor 8Product      16"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MPDEV]
"MPIOSupportedDeviceList"="Vendor 8Product      16"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A3B4D&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A2700229A6CA7&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-FS11&REV_0100#0000000000000000000X1500150171&0#]
"DeviceDesc"="DMC-FS11        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msdsm\Parameters]
"DsmSupportedDeviceList"="Vendor 8Product      16"
[HKEY_USERS\S-1-5-21-4188070395-693738936-3909245983-1000\Software\Gabest\Media Player Classic\Shaders]
"11"="procamp|ps_2_0|sampler s0 : register(s0);\nfloat4 p0 :  register(c0);\nfloat4 p1 :  register(c1);\n\n#define width  (p0[0])\n#define height  (p0[1])\n#define counter (p0[2])\n#define clock  (p0[3])\n#define one_over_width  (p1[0])\n#define one_over_height (p1[1])\n\n#define PI acos(-1)\n\nstatic float4x4 r2y = {\n\t 0.299,  0.587,  0.114, 0.000,\n\t-0.147, -0.289,  0.437, 0.000,\n\t 0.615, -0.515, -0.100, 0.000,\n\t 0.000,  0.000,  0.000, 0.000\n};\n\nstatic float4x4 y2r = {\n\t1.000,  0.000,  1.140, 0.000,\n\t1.000, -0.394, -0.581, 0.000,\n\t1.000,  2.028,  0.000, 0.000,\n\t0.000,  0.000,  0.000, 0.000\n};\n\n#define ymin ( 16.0 / 255)\n#define ymax (235.0 / 255)\n\n// Brightness: -1.0 to 1.0, default 0.0\n// Contrast: 0.0 to 10.0, default 1.0\n// Hue: -180.0 to +180.0, default 0.0\n// Saturation: 0.0 to 10.0, default 1.0\n\n#define Brightness 0.0\n#define Contrast  1.0\n#define Hue        0.0\n#

-= EOF =-
Dank im Voraus....

cosinus 22.11.2014 02:37
Bleibt nur eins festzustellen: detekt ist in dieser Form für die Tonne! Und verunsiert nur jeden Benutzer! :twak:

capcgn 22.11.2014 11:38
Darf ich davon ausgehen, dass meinem Rechner nichts fehlt ??????:dankeschoen:

cosinus 22.11.2014 18:33
detekt in dieser Version/Form ist mal richtig für den Arsch :lmaa: . Lass dich nicht verarschen. Und auch nicht verunsichern.

Natürlich gibt es keine 100 % Sicherheit aber nach dem jetzigen Stand ist alles ok auf deinem Rechner.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19