
Pests of all kinds and how to fight them: BKA/Ukash trojan/virus and its consequences

Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

25.12.2011, 03:55   #1
Anubis2019

BKA/Ukash trojan/virus and its consequences

Hello,

about two hours ago I caught the annoying BKA trojan. By using Safe Mode and deleting a cryptic *.exe in my user folder, I was able to start my system normally again.

Even though everything seems normal again now, that does not mean, as is well known, that everything is actually back to its normal state. So I would like to hear your advice on which further steps I need to take to get rid of this nuisance to 99.9% and to keep it and its friends from getting onto my system again.

OTL.txt was too large, so I packed it into the archive.

Many thanks for your help

25.12.2011, 03:59   #2
kira
/// Helper team

BKA/Ukash trojan/virus and its consequences

Hello and welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

I have two suggestions:

1.
If you think you know the point in time when your system was still working properly, System Restore is worth a try:

- There is a "relatively simple way" when the infection is fresh, or sometimes certain problems can also be solved this way, which you should try right away. It lets you undo system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:
-> System Restore
► Please choose the oldest available date for restoring Windows at which your computer was still working properly!
  • You must log on as administrator or as a user with administrator rights.
  • System Restore can be opened under Windows Vista/XP/7 as follows:
  • Start → All Programs → Accessories → System Tools → System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do it in Safe Mode - (please be sure to click & read the link!)
System Restore is only a "stopgap"; it never removes the problem 100%, because the point in time at which the trojan got in can no longer be determined. But it can improve the working condition of a computer system.
(You can still undo it back to today's state if it does not deliver the desired result)

Also tell me whether System Restore worked, i.e. whether you were able to reset the system to an earlier restore point.

2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Choose "Perform full scan" (tick everything)
  • when the scan has finished, click "Show results"
  • Select all findings - if MBAM reports anything in C:\System Volume Information, please remove the tick there - and click "Delete" ("Remove selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
You will find an illustrated guide here: Guide

3.
System scan with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.


  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
Install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → Language → select German
then click "Tools" (to display the installed programs) → then "Save to text file..."
a text file (*.txt) will be created; copy its contents and paste them here

Quote:
So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
__________________
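
The OTL.txt log requested in step 3 lists each process, module, service and driver on one line in a fixed layout (`TYPE - [modified | size | attributes | M] (Company) [state] -- path -- (name)`). As an added example, not part of the original posts and not OTL's own code, the following Python sketch parses such lines and lists items that meet at least two review criteria; the criteria, the two-day threshold, all function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL item line. The company field is matched lazily because vendor
# strings can themselves contain parentheses, e.g. "(Example (R) DDK provider)".
ITEM_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<modified>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"       # only SRV/DRV lines carry a state
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"   # service/driver name, if present
)
HEADER_RE = re.compile(r"^OTL logfile created on: (\d\d\.\d\d\.\d{4} \d\d:\d\d:\d\d)")
# Locations a standard user can write to (assumed list, extend as needed).
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\|ProgramData\\|Windows\\Temp\\)", re.IGNORECASE
)


@dataclass
class Item:
    kind: str
    modified: datetime
    size: int
    attrs: str
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_line(line: str) -> Optional[Item]:
    """Return an Item for a PRC/MOD/SRV/DRV line, or None for anything else."""
    m = ITEM_RE.match(line.strip())
    if m is None:
        return None
    return Item(
        kind=m.group("kind"),
        modified=datetime.strptime(m.group("modified"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company").strip(),
        state=m.group("state"),
        path=m.group("path"),
        name=m.group("name"),
    )


def triage(log_text: str, recent_days: int = 2) -> List[Tuple[Item, List[str]]]:
    """List items that meet at least two review criteria (not a verdict)."""
    created = None
    findings = []
    for line in log_text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            created = datetime.strptime(header.group(1), "%d.%m.%Y %H:%M:%S")
            continue
        item = parse_line(line)
        if item is None:
            continue
        reasons = []
        # Modules are skipped here: OTL lists them *because* they lack a company.
        if item.kind != "MOD" and not item.company:
            reasons.append("no company name")
        if USER_WRITABLE_RE.match(item.path):
            reasons.append("user-writable path")
        if created and created - item.modified <= timedelta(days=recent_days):
            reasons.append("modified shortly before the scan")
        if "H" in item.attrs:
            reasons.append("hidden attribute")
        if len(reasons) >= 2:
            findings.append((item, reasons))
    return findings


# Constructed sample lines in OTL's layout (not taken from a real system).
SAMPLE_LOG = r"""OTL logfile created on: 25.12.2011 14:34:52 - Run 2
========== Processes (SafeList) ==========
PRC - [2011.12.25 01:50:11 | 000,061,440 | -H-- | M] () -- C:\Users\alice\0.4711example.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Example Sync, Inc.) -- C:\Users\alice\AppData\Roaming\ExampleSync\bin\sync.exe
PRC - [2011.11.09 16:29:12 | 000,924,632 | ---- | M] (Example Browser Corp) -- C:\Program Files (x86)\Example Browser\browser.exe
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\ExampleRender\render64server.exe -- (example-render64)
DRV:64bit: - [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Example (R) DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\exflt.sys -- (ex_flt)
"""

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(f"{item.kind} {item.path}: {', '.join(reasons)}")
```

Legitimate software that updates itself from the user profile can also meet two criteria, so each listed item is a starting point for manual review of the file.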

25.12.2011, 17:48   #3
Anubis2019

BKA/Ukash trojan/virus and its consequences


OTL.txt
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.23 03:42:24 | 003,621,040 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.12.23 03:42:14 | 002,779,824 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.09 16:29:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.30 15:11:27 | 000,490,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.11 13:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.03 10:17:40 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Spiele\Steam\Steam.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.13 16:57:48 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.12.08 22:21:03 | 014,410,024 | ---- | M] () -- D:\Spiele\Steam\bin\libcef.dll
MOD - [2011.12.08 22:21:01 | 000,194,344 | ---- | M] () -- D:\Spiele\Steam\bin\chromehtml.dll
MOD - [2011.12.08 22:20:59 | 000,091,432 | ---- | M] () -- D:\Spiele\Steam\bin\avutil-50.dll
MOD - [2011.12.08 22:20:57 | 000,155,432 | ---- | M] () -- D:\Spiele\Steam\bin\avformat-52.dll
MOD - [2011.12.08 22:20:55 | 000,914,216 | ---- | M] () -- D:\Spiele\Steam\bin\avcodec-52.dll
MOD - [2011.11.09 16:29:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2011.03.01 14:08:25 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.23 03:42:32 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 16:29:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.31 11:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.18 14:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.11.09 16:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 16:29:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for IE\FSAddin-0.92.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [Update] C:\Users\Andreas\AppData\Roaming\0.9445476154460077.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.12.25 02:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.12.25 02:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2011.12.25 02:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.25 14:11:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:01:08 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:58:30 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.25 11:56:37 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.25 11:56:37 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.25 11:56:37 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.25 11:56:37 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.25 11:56:37 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.25 11:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.25 11:51:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.25 04:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:45:04 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.21 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:04 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2010.12.08 11:10:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.25 11:55:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.12.25 02:45:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Spyware Terminator
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.11.20 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

[/Code]

Extra.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.12.2011 14:34:52 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 38,12% Memory free
7,99 Gb Paging File | 5,30 Gb Available in Paging File | 66,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,00 Gb Free Space | 5,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,79 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 753,60 Gb Free Space | 80,90% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,24 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit)
"{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
"{723C8298-C7B0-0407-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - German
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Autodesk 3ds Max 2012 64-bit - German" = Autodesk 3ds Max 2012 64-bit - German
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{105E14C1-C2C6-486F-81B0-3217DFDA1086}" = QAliber VS 2008 Plugin
"{11477E2B-84F7-4ED6-AA41-BFEEE3925A02}" = NVIDIA Developer Tools Software Activation
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{14469957-C777-49D6-B937-69F31F756A66}" = ScanSnap
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{20D197D0-8E7B-42A5-B58E-8E510350F352}" = QAliber Test Builder
"{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3A880920-8CCB-4847-A1BD-A97644FD18B3}_is1" = QAliber Test Suite 1.0
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000038201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19b, 2010.01.31
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6B6383FE-C0CE-479A-BDDF-BD34579B676A}" = NVIDIA FX Composer 2.5
"{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7C3228AC-BDE5-448E-8C01-E39BB0782DE8}" = Motorola Software Update
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84F3557A-A7F2-47D7-9242-5DC623261213}" = ScanSnap Organizer
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990DB057-BB98-4FD8-8442-ACFCB0DB5CAF}" = GLEE
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy
"{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4552068-73FD-406A-816B-2196F4DFCF75}" = NVIDIA FX Composer 2.5 Shader Debugger plugin
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C08DB64D-E569-41A8-8405-5B6F53FCA7C2}" = Microsoft Visual Studio 2008 SDK 1.1
"{C10AD9B6-5039-473C-9C0A-E2A7D50C159C}" = OMEGA Process Modeller
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E64B588A-56D5-4061-A9E1-1C388C34B763}" = QAliber Agent
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B32144-0618-495B-8BA3-8A5B8037F72F}" = mental mill (R) Artist Edition
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alf-BanCo4_is1" = ALF-BanCo 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Cg Toolkit_is1" = NVIDIA Cg Toolkit 3.0 February 2011
"CMake" = CMake 2.8, a cross-platform, open-source build system
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DiskSpeed32" = DiskSpeed32
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"ggobi" = GGobi Interactive Graphics Platform
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"Handbrake" = Handbrake 0.9.4
"InstallShield_{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}" = Seagate Drive Settings Installer
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"RevengeOfTheTitansHIB" = Revenge of the Titans HIB (remove only)
"Shader Designer_is1" = Shader Designer 1.5.9.4
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 102600" = Orcs Must Die!
"Steam App 10680" = Aliens vs. Predator
"Steam App 12500" = Puzzle Quest
"Steam App 22000" = World of Goo
"Steam App 22180" = Penumbra: Overture
"Steam App 34010" = Alpha Protocol
"Steam App 37420" = Ben There, Dan That!
"Steam App 400" = Portal
"Steam App 41210" = Eufloria
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 6200" = Ghost Master
"Steam App 630" = Alien Swarm
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 80200" = Fate of the World
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 99700" = NightSky
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tunatic" = Tunatic
"Tunngle beta_is1" = Tunngle beta
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.0.144.38
"WinPcapInst" = WinPcap 4.1.1
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"Dropbox" = Dropbox
"FXAA Post Process Injector" = FXAA Post Process Injector
"Google Chrome" = Google Chrome
"ShadowMapping" = ShadowMapping
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

[/Code]

25.12.2011, 17:51   #4
Anubis2019

protection log
Code:
ATTFilter
12:01:18	Andreas	MESSAGE	Protection started successfully
12:01:22	Andreas	MESSAGE	IP Protection started successfully
12:02:17	Andreas	ERROR	Scheduled update failed:  I/O error failed with error code 2
12:15:30	Andreas	IP-BLOCK	58.241.216.207 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:34:02	Andreas	IP-BLOCK	212.113.33.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:34:28	Andreas	IP-BLOCK	62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:42:37	Andreas	IP-BLOCK	58.241.21.226 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:43:41	Andreas	IP-BLOCK	212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:45:09	Andreas	IP-BLOCK	58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
12:58:55	Andreas	IP-BLOCK	188.130.176.7 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:05:38	Andreas	IP-BLOCK	62.45.232.153 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:28:20	Andreas	IP-BLOCK	218.9.208.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:30:44	Andreas	IP-BLOCK	89.28.116.78 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:33:44	Andreas	IP-BLOCK	58.240.104.30 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:35:52	Andreas	IP-BLOCK	62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:42:56	Andreas	IP-BLOCK	222.65.255.111 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
13:46:41	Andreas	IP-BLOCK	218.8.173.89 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:00:57	Andreas	IP-BLOCK	222.70.128.131 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:01:21	Andreas	IP-BLOCK	79.135.150.182 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:05:21	Andreas	IP-BLOCK	212.117.163.239 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:15:38	Andreas	IP-BLOCK	212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:16:10	Andreas	IP-BLOCK	98.142.246.148 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:16:42	Andreas	IP-BLOCK	58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:19:14	Andreas	IP-BLOCK	91.218.38.214 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:28:35	Andreas	IP-BLOCK	83.243.13.40 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:28:43	Andreas	IP-BLOCK	89.28.100.109 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:30:59	Andreas	IP-BLOCK	79.135.150.182 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:31:55	Andreas	IP-BLOCK	58.241.40.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:33:47	Andreas	IP-BLOCK	218.9.172.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:35:23	Andreas	IP-BLOCK	58.241.86.78 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:44:51	Andreas	IP-BLOCK	212.117.179.52 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:47:08	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
14:59:16	Andreas	IP-BLOCK	91.203.147.75 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:01:32	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:16:45	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:19:17	Andreas	IP-BLOCK	58.240.184.206 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:19:49	Andreas	IP-BLOCK	58.240.184.206 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:20:45	Andreas	IP-BLOCK	62.45.221.68 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:32:46	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:45:34	Andreas	IP-BLOCK	218.9.123.149 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:45:58	Andreas	IP-BLOCK	212.113.33.227 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:47:10	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
15:47:58	Andreas	IP-BLOCK	89.28.41.79 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:02:31	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:06:40	Andreas	IP-BLOCK	58.240.194.188 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:08:32	Andreas	IP-BLOCK	89.28.123.215 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:13:52	Andreas	IP-BLOCK	91.188.50.210 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:15:04	Andreas	IP-BLOCK	58.241.227.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:17:45	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:18:41	Andreas	IP-BLOCK	121.125.68.226 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:24:02	Andreas	IP-BLOCK	89.28.123.215 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:32:18	Andreas	IP-BLOCK	91.188.37.145 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:32:42	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:35:07	Andreas	IP-BLOCK	58.240.104.30 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:36:35	Andreas	IP-BLOCK	219.152.77.140 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:45:31	Andreas	IP-BLOCK	58.241.227.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
16:49:39	Andreas	IP-BLOCK	218.9.172.13 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:01:16	Andreas	IP-BLOCK	212.117.167.212 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:02:36	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:07:00	Andreas	IP-BLOCK	62.45.232.153 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:16:53	Andreas	IP-BLOCK	109.95.112.240 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:13	Andreas	IP-BLOCK	85.234.172.178 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:37	Andreas	IP-BLOCK	124.217.231.117 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:18:45	Andreas	IP-BLOCK	91.215.156.70 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:33:26	Andreas	IP-BLOCK	58.241.141.70 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:45:18	Andreas	IP-BLOCK	121.10.137.43 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:48:55	Andreas	IP-BLOCK	58.240.184.10 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
17:50:23	Andreas	IP-BLOCK	212.113.33.142 (Type: outgoing, Port: 6881, Process: spywareterminatorupdate.exe)
         
mbam log
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122501

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.12.2011 13:41:07
mbam-log-2011-12-25 (13-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Durchsuchte Objekte: 790439
Laufzeit: 1 Stunde(n), 39 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
CCleaner
Code:
ATTFilter
@BIOS	GIGABYTE	04.12.2010		2.08
Adobe Flash Player 10 ActiveX 64-bit	Adobe Systems Incorporated	14.05.2011	6,00MB	10.3.162.28
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	28.02.2011	6,00MB	10.2.152.32
Adobe Flash Player 9 ActiveX	Adobe Systems Incorporated	15.04.2011		9
Adobe Reader X (10.1.1) - Deutsch	Adobe Systems Incorporated	30.10.2011	119,2MB	10.1.1
Adobe SVG Viewer 3.0		31.10.2011		 3.0
Advanced Archive Password Recovery	ElcomSoft Co. Ltd.	14.01.2011		4.53
ALF-BanCo 4	ALF AG	12.12.2010	48,7MB	
Alien Swarm	Valve	10.12.2010		
Aliens vs. Predator	Rebellion	12.12.2010		
Alpha Protocol	Obsidian Entertainment	21.08.2011		
ATI Catalyst Install Manager	ATI Technologies, Inc.	04.12.2010	22,4MB	3.0.795.0
Autodesk 3ds Max 2012 64-bit - German	Autodesk	02.05.2011		14.0
Autodesk Backburner 2012.0.0	Autodesk, Inc.	02.05.2011	13,0MB	2012.0.0
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit	Autodesk	02.05.2011		
Autodesk Material Library 2012	Autodesk	02.05.2011	97,9MB	2.5.0.8
Autodesk Material Library Base Resolution Image Library 2012	Autodesk	02.05.2011	71,4MB	2.5.0.8
Autodesk Material Library Medium Resolution Image Library 2012	Autodesk	02.05.2011	740MB	2.5.0.8
Avira Free Antivirus	Avira	21.12.2011	104,8MB	12.0.0.872
AviSynth 2.5		21.12.2010		
Ben There, Dan That!	Zombie Cow	12.11.2011		
Bulletstorm	EA	08.05.2011		1.0.0000.130
CCleaner	Piriform	24.12.2011		3.14
CDBurnerXP	CDBurnerXP	07.12.2010	11,2MB	4.3.8.2474
Cherry Smart Device Package V1.10 Build 4	ZF Electronics GmbH	12.12.2010	11,3MB	1.10.0.4
CMake 2.8, a cross-platform, open-source build system	Kitware	21.02.2011		2.8.4
Composite 2012 64-bit	Autodesk	02.05.2011	387MB	7.0.0
Counter-Strike	Valve	05.12.2010		
Crysis® 2	Electronic Arts	06.06.2011	3.661MB	1.0.0.0
Crystal Reports Basic for Visual Studio 2008	Business Objects	06.10.2011	173,2MB	10.5.0.0
Crystal Reports Basic German Language Pack for Visual Studio 2008	Business Objects	06.10.2011	19,1MB	10.5.0.0
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)	Business Objects	06.10.2011	64,6MB	10.5.0.0
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)	Business Objects	06.10.2011	2,51MB	10.5.0.0
Die Siedler 2 - Die nächste Generation	UBISOFT	01.10.2011		1.00.0000
DiskSpeed32		10.05.2011		3, 0, 0, 5
Dropbox	Dropbox, Inc.	15.12.2011		1.2.49
Easy Tune 6 B10.0516.1	GIGABYTE	04.12.2010	26,5MB	1.00.0000
Eufloria		09.01.2011		
FastStone Capture 5.3	FastStone Soft	10.05.2011		5.3
Fate of the World		10.11.2011		
ffdshow [rev 2527] [2008-12-19]		09.12.2010		1.0
FlashGet 1.9.6.1073	hxxp://www.FlashGet.com	09.12.2010		1.9.6.1073
Foxit Reader	Foxit Corporation	11.12.2010	11,1MB	4.3.0.1110
Free YouTube to MP3 Converter version 3.10.7.804	DVDVideoSoft Limited.	12.08.2011	45,3MB	
FXAA Post Process Injector		03.12.2011		
GGobi Interactive Graphics Platform		05.03.2011		
Ghost Master	Empire Interactive	12.11.2011		
Gigabyte Raid Configurer	GIGABYTE Technologies, Inc.	04.12.2010		1.00.0001
GLEE	Microsoft Research	07.10.2011	6,18MB	1.0.000
GmoteServer	Gmote.org	04.12.2011		2.0.2
Google Chrome	Google Inc.	09.08.2011		16.0.912.63
GPL Ghostscript	Artifex Software Inc.	22.04.2011		9.02
GSview 4.9		22.04.2011		
Gtk+ Runtime Environment 2.12.9-2		05.03.2011		2.12.9-2
Handbrake 0.9.4		21.12.2010		0.9.4
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät	Hewlett-Packard Co.	21.12.2011	180,5MB	22.50.231.0
HP Officejet Pro 8500 A910 Hilfe	Hewlett Packard	21.12.2011	24,2MB	140.0.2.2
I.R.I.S. OCR	HP	21.12.2011	69,0MB	12.3.4.0
Java(TM) 6 Update 20	Sun Microsystems, Inc.	06.01.2011	97,2MB	6.0.200
Java(TM) 6 Update 24	Oracle	12.12.2010	95,0MB	6.0.240
Java(TM) 6 Update 24 (64-bit)	Oracle	06.03.2011	90,8MB	6.0.240
Java(TM) SE Development Kit 6 Update 24	Oracle	06.04.2011	127,9MB	1.6.0.240
Java(TM) SE Development Kit 6 Update 24 (64-bit)	Oracle	06.03.2011	146,0MB	1.6.0.240
Java-Editor 9.19b, 2010.01.31	Gerhard Röhner	06.03.2011	8,28MB	
JDownloader	AppWork UG (haftungsbeschränkt)	12.12.2010		
JDownloader 0.9	AppWork GmbH	21.05.2011		0.9
Logitech Harmony Remote Software	Logitech	18.03.2011		0.6.0201
Logitech Harmony Remote Software 7	Logitech	21.03.2011		7.7.0.0
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	24.12.2011	13,8MB	1.51.2.1300
mental mill (R) Artist Edition	mental images GmbH	07.05.2011	132,0MB	1.0
Microsoft .NET Compact Framework 2.0 SP2	Microsoft Corporation	06.10.2011	93,2MB	2.0.7045
Microsoft .NET Compact Framework 3.5	Microsoft Corporation	06.10.2011	81,5MB	3.5.7283
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	06.12.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	21.02.2011	2,94MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	21.02.2011	52,0MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	21.02.2011	10,7MB	4.0.30319
Microsoft ASP.NET MVC 2 - DEU	Microsoft Corporation	21.02.2011	25,00KB	2.0.50331.0
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU	Microsoft Corporation	21.02.2011	2,07MB	2.0.50331.0
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU	Microsoft Corporation	06.10.2011	2,33MB	9.0.21022
Microsoft DirectX SDK (June 2010)	Microsoft Corporation	07.10.2011		9.29.1962.0
Microsoft Document Explorer 2008	Microsoft Corporation	06.10.2011		
Microsoft Document Explorer 2008 Language Pack - DEU	Microsoft Corporation	06.10.2011		
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	09.05.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	09.05.2011	6,04MB	3.5.50.0
Microsoft Help Viewer 1.0 Language Pack - DEU	Microsoft Corporation	21.02.2011	1,95MB	1.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	09.05.2011		12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	13.10.2011	145,8MB	4.0.60831.0
Microsoft Silverlight 3 SDK - Deutsch	Microsoft Corporation	21.02.2011	32,8MB	3.0.40818.0
Microsoft Silverlight 4 SDK - Deutsch	Microsoft Corporation	06.10.2011	52,4MB	4.0.50826.0
Microsoft SQL Server 2005	Microsoft Corporation	06.10.2011		
Microsoft SQL Server 2008 R2 Data-Tier Application Project	Microsoft Corporation	21.02.2011	14,1MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects	Microsoft Corporation	21.02.2011	17,2MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects (x64)	Microsoft Corporation	21.02.2011	10,4MB	10.50.1447.4
Microsoft SQL Server 2008 R2 Transact-SQL Language Service	Microsoft Corporation	21.02.2011	5,41MB	10.50.1447.4
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework	Microsoft Corporation	21.02.2011	0,37MB	10.50.1447.4
Microsoft SQL Server Compact 3.5 for Devices DEU	Microsoft Corporation	06.10.2011	46,5MB	3.5.5386.0
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)	Microsoft Corporation	07.10.2011	9,09MB	3.5.5692.0
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	21.02.2011	3,69MB	3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU	Microsoft Corporation	21.02.2011	4,81MB	3.5.8080.0
Microsoft SQL Server Database Publishing Wizard 1.3	Microsoft Corporation	07.10.2011	10,4MB	10.0.1600.22
Microsoft SQL Server Native Client	Microsoft Corporation	07.10.2011	5,89MB	9.00.5000.00
Microsoft SQL Server System CLR Types	Microsoft Corporation	21.02.2011	2,55MB	10.50.1447.4
Microsoft SQL Server System CLR Types (x64)	Microsoft Corporation	21.02.2011	0,81MB	10.50.1447.4
Microsoft SQL Server VSS Writer	Microsoft Corporation	07.10.2011	1,12MB	9.00.5000.00
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de	Microsoft Corporation	21.02.2011	1,04MB	1.0.3010.0
Microsoft Sync Framework SDK v1.0 SP1 de	Microsoft Corporation	21.02.2011	30,0MB	1.0.3010.0
Microsoft Sync Framework Services v1.0 SP1 (x64) de	Microsoft Corporation	21.02.2011	2,89MB	1.0.3010.0
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de	Microsoft Corporation	21.02.2011	0,58MB	2.0.3010.0
Microsoft Team Foundation Server 2010-Objektmodell - DEU	Microsoft Corporation	06.10.2011		10.0.30319
Microsoft Visio Professional 2010	Microsoft Corporation	10.11.2011		14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.10.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	07.10.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	07.10.2011	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.10.2011	0,57MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	07.10.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	14.10.2011	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	24.10.2011	12,3MB	10.0.40219
Microsoft Visual F# 2.0 Runtime	Microsoft Corporation	21.02.2011	5,82MB	10.0.30319
Microsoft Visual F# 2.0 Runtime Language Pack - DEU	Microsoft Corporation	21.02.2011	1,30MB	10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack	Microsoft Corporation	07.10.2011		
Microsoft Visual Studio 2008 Professional Edition - DEU	Microsoft Corporation	07.10.2011		
Microsoft Visual Studio 2008 Remote Debugger - DEU	Microsoft Corporation	07.10.2011		
Microsoft Visual Studio 2008 SDK 1.1	Microsoft Corporation	07.10.2011	418MB	9.0.30820
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)	Microsoft Corporation	21.02.2011		10.0.30319
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU	Microsoft Corporation	21.02.2011		10.0.30319
Microsoft Visual Studio Web Authoring Component	Microsoft Corporation	07.10.2011		12.0.4518.1066
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - deu	Microsoft Corporation	07.10.2011	44,1MB	3.5.21022
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries	Microsoft Corporation	07.10.2011	115,0MB	6.1.5288.17011
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense	Microsoft Corporation	07.10.2011	6,65MB	6.1.5288.17011
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools	Microsoft Corporation	07.10.2011	15,6MB	6.1.5294.17011
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools	Microsoft Corporation	07.10.2011	20,1MB	6.1.5294.17011
Microsoft WSE 3.0 Runtime	Microsoft Corp.	15.04.2011	0,92MB	3.0.5305.0
Microsoft Xbox 360 Accessories 1.2	Microsoft	16.12.2010	7,79MB	1.20.146.0
Motorola Software Update	Motorola	19.03.2011	59,7MB	01.16.08
Mozilla Firefox 8.0 (x86 de)	Mozilla	08.11.2011	35,6MB	8.0
Mozilla Thunderbird (8.0)	Mozilla	09.11.2011		8.0 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.03.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.03.2011	1,33MB	4.20.9876.0
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	04.12.2010	0,97MB	1.0.18.0
Nexus Mod Manager	Black Tree Gaming	17.12.2011	7,22MB	0.12.18
NightSky		10.11.2011		
NVIDIA Cg Toolkit 3.0 February 2011	NVIDIA Corporation	07.05.2011	88,6MB	
NVIDIA Developer Tools Software Activation		07.05.2011		1.0
NVIDIA FX Composer 2.5		07.05.2011		2.5
NVIDIA FX Composer 2.5 Shader Debugger plugin		07.05.2011		1.00.000
NVIDIA PhysX	NVIDIA Corporation	22.10.2011	78,9MB	9.10.0513
OMEGA Process Modeller	UNITY	10.11.2011	21,3MB	3.2.0
OpenAL		07.08.2011		
OpenOffice.org 3.2	OpenOffice.org	06.01.2011	364MB	3.2.9502
Orcs Must Die!		23.11.2011		
PDFCreator	Frank Heindörfer, Philip Chinery	17.04.2011		1.2.0
Penumbra: Overture	Frictional Games	21.12.2010		
Portal	Valve	05.05.2011		
Pro Evolution Soccer 2011	KONAMI	16.12.2010	1.637MB	1.00.0000
Pro Evolution Soccer 2012	KONAMI	14.11.2011	2.019MB	1.02.0000
Puzzle Quest	Infinite Interactive	17.09.2011		
Python 2.4.4	Martin v. Löwis	07.05.2011	29,4MB	2.4.4150
QAliber Agent	QAlibers	07.10.2011	0,84MB	1.0.0
QAliber Test Builder	QAlibers	07.10.2011	2,94MB	1.0.0
QAliber Test Suite 1.0	QAlibers (c)	07.10.2011	21,0MB	
QAliber VS 2008 Plugin	QAlibers	07.10.2011	2,20MB	1.0.0
QIP 2010 4444 Jeak-Edition	jeak.de	04.12.2010	19,0MB	3.0.4444
Realtek Ethernet Controller Driver For Windows 7	Realtek	04.12.2010		7.18.322.2010
Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	04.12.2010		6.0.1.6034
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	04.12.2010		6.0.1.6083
Remote Control USB Driver		21.03.2011		2.3.2.317
Revenge of the Titans HIB (remove only)		14.12.2010		
ScanSnap Manager	PFU	09.07.2011		V5.1L11
ScanSnap Organizer	PFU	09.07.2011		V4.1L11
Seagate Drive Settings Installer	Seagate Technologies LLC	28.05.2011	29,2MB	1.00.0000
Shader Designer 1.5.9.4	TyphoonLabs	24.05.2011		
ShadowMapping	Matthias Grumet	26.05.2011		
Sid Meier's Civilization V	Firaxis Games	09.02.2011		
Skype™ 5.5	Skype Technologies S.A.	20.08.2011	17,0MB	5.5.113
Spyware Terminator 2012	Crawler.com	24.12.2011	19,5MB	3.0.0.50
StarCraft II	Blizzard Entertainment	08.11.2011		1.4.2.20141
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48	eRightSoft	23.05.2011	39,5MB	v2011.build.48
TeamSpeak 3 Client	TeamSpeak Systems GmbH	05.12.2010		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	02.12.2011		
Titan Quest	IronLore	18.11.2011		
Titan Quest: Immortal Throne	IronLore	18.11.2011		
TortoiseSVN 1.6.16.21511 (64 bit)	TortoiseSVN	06.10.2011	22,1MB	1.6.21511
Tunatic		12.08.2011		
Tunngle beta	Tunngle.net GmbH	28.12.2010		
Turbo Squid Tentacles 3ds Max 2009 64-bit	Turbo Squid	15.04.2011	8,38MB	3.2.0
UE3Redist	Epic Games	11.12.2010	57,2MB	1.00.0000
UltraMon	Realtime Soft Ltd	05.12.2010	5,87MB	3.0.10
Universe Sandbox		09.08.2011		
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	07.10.2011	30,6MB	9.00.5000.00
VDownloader 3.6.943	Vitzo Limited	03.11.2011	37,4MB	
Visual Studio .NET Prerequisites - English	Microsoft Corporation	07.10.2011	2,28MB	9.0.30729
Visual Studio 2005 Tools for Office Second Edition Runtime	Microsoft Corporation	07.10.2011		
Visual Studio Tools for the Office system 3.0 Runtime	Microsoft Corporation	06.10.2011		
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU	Microsoft Corporation	06.10.2011		
VLC media player 1.1.11	VideoLAN	04.12.2011		1.1.11
VMware Workstation	VMware, Inc	09.12.2010	3.333MB	7.1.3.14951
VobSub v2.23 (Remove Only)		21.12.2010		
WCF RIA Services V1.0 SP1	Microsoft Corporation	06.10.2011	12,3MB	4.1.60114.0
Web Deployment Tool	Microsoft Corporation	21.02.2011	3,10MB	1.1.0618
Web Security Guard with Crawler Toolbar	Crawler, LLC	24.12.2011		
Winamp	Nullsoft, Inc	11.12.2010		5.601 
Windows Live ID Sign-in Assistant	Microsoft Corporation	09.05.2011	10,0MB	6.500.3165.0
Windows Mobile 5.0 SDK R2 for Pocket PC	Microsoft Corporation	06.10.2011	130,4MB	5.00.1700.5.14343.06
Windows Mobile 5.0 SDK R2 for Smartphone	Microsoft Corporation	06.10.2011	79,2MB	5.00.1700.5.14343.06
Windows7FirewallControl (i386) 4.0.144.38	Sphinx Software	04.12.2010		4.0.144.38
WinPcap 4.1.1	CACE Technologies	03.11.2011		4.1.0.1753
WinRAR		06.12.2010		
World of Goo	2D Boy	21.12.2010		
World of Tanks v.0.6.7	Wargaming.net	13.11.2011		
XviD MPEG4 Video Codec (remove only)		21.12.2010
         

Alt 26.12.2011, 14:19   #5
kira
/// Helper Team
 



1.
Uninstall:
Quote:
Spyware Terminator 2012 Crawler.com
This program is financed by adware!

2.
Your Java version is out of date!
→ Now download the offline version of Java Version 6 Update 30 from Oracle.
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Search for errors" → "Fix errors" → "Fix all"
  • Restart your system

4.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found is then listed; tick every finding and confirm with "OK"
  • Click "Next", then "OK", and then "Finish"
  • To display the results: click "Preferences" and then "Statistics and Logs"
  • Press "View Log", then please save this report and post it here

5.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ► Instructions

6.
-> Then run a complete system check with Eset Online Scanner (NOD32) / Free online scanners
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

7.
Run a scan with OTL again:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still any problems, and if so, which ones?

__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Alt 27.12.2011, 20:47   #6
Anubis2019
 



SuperAntiSpyware log
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2011 at 06:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type       : Complete Scan
Total Scan Time : 01:06:07

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 785
Memory threats detected   : 0
Registry items scanned    : 75506
Registry threats detected : 0
File items scanned        : 153151
File threats detected     : 68

Adware.Tracking Cookie
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.ad-srv[2].txt [ /ad.ad-srv ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@ad.zanox[1].txt [ /ad.zanox ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adfarm1.adition[2].txt [ /adfarm1.adition ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@adviva[1].txt [ /adviva ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download1006.mediafire[2].txt [ /download1006.mediafire ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@download859.mediafire[2].txt [ /download859.mediafire ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@files.youporn[1].txt [ /files.youporn ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@media1.gamefront[2].txt [ /media1.gamefront ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@smartadserver[2].txt [ /smartadserver ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@specificclick[2].txt [ /specificclick ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.mlsat02[1].txt [ /tracking.mlsat02 ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@tracking.quisma[1].txt [ /tracking.quisma ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@traffictrack[1].txt [ /traffictrack ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@unitymedia[2].txt [ /unitymedia ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@webmasterplan[2].txt [ /webmasterplan ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@yadro[1].txt [ /yadro ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox-affiliate[1].txt [ /zanox-affiliate ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\andreas@zanox[2].txt [ /zanox ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\JZCLVR8W.txt [ /doubleclick.net ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\5X6UWT01.txt [ /media6degrees.com ]
	C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Cookies\BEDA73WT.txt [ /googleads.g.doubleclick.net ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKGR6XA8.txt [ Cookie:andreas@smartadserver.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9AVO4NW.txt [ Cookie:andreas@ad4.adfarm1.adition.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGH22ECJ.txt [ Cookie:andreas@ad3.adfarm1.adition.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.adition[2].txt [ Cookie:andreas@ad.adition.net/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\7P1ZGZZN.txt [ Cookie:andreas@doubleclick.net/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@imrworldwide[2].txt [ Cookie:andreas@imrworldwide.com/cgi-bin ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TU3HS8JU.txt [ Cookie:andreas@ad.zanox.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@counters.gigya[1].txt [ Cookie:andreas@counters.gigya.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@zanox-affiliate[2].txt [ Cookie:andreas@zanox-affiliate.de/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\46680IPU.txt [ Cookie:andreas@ad2.adfarm1.adition.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@invitemedia[2].txt [ Cookie:andreas@invitemedia.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@tradedoubler[2].txt [ Cookie:andreas@tradedoubler.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@banners.thgimages.co[2].txt [ Cookie:andreas@banners.thgimages.co.uk/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adserver[1].txt [ Cookie:andreas@adserver.gs/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\E8TZSZ3C.txt [ Cookie:andreas@zanox.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.active-tracking[1].txt [ Cookie:andreas@www.active-tracking.de/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@ad.yieldmanager[2].txt [ Cookie:andreas@ad.yieldmanager.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@eas.apm.emediate[2].txt [ Cookie:andreas@eas.apm.emediate.eu/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\HX2IUTDX.txt [ Cookie:andreas@tracking.quisma.com/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@www.googleadservices[2].txt [ Cookie:andreas@www.googleadservices.com/pagead/conversion/1058160226/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@adtech[2].txt [ Cookie:andreas@adtech.de/ ]
	C:\USERS\ANDREAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\andreas@content.yieldmanager[1].txt [ Cookie:andreas@content.yieldmanager.com/ ]
	C:\USERS\ANDREAS\Cookies\JZCLVR8W.txt [ Cookie:andreas@doubleclick.net/ ]
	C:\USERS\ANDREAS\Cookies\andreas@ad.zanox[1].txt [ Cookie:andreas@ad.zanox.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@zanox-affiliate[1].txt [ Cookie:andreas@zanox-affiliate.de/ ]
	C:\USERS\ANDREAS\Cookies\andreas@content.yieldmanager[2].txt [ Cookie:andreas@content.yieldmanager.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@adviva[1].txt [ Cookie:andreas@adviva.net/ ]
	C:\USERS\ANDREAS\Cookies\andreas@traffictrack[1].txt [ Cookie:andreas@traffictrack.de/ ]
	C:\USERS\ANDREAS\Cookies\andreas@ad.yieldmanager[1].txt [ Cookie:andreas@ad.yieldmanager.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@zanox[2].txt [ Cookie:andreas@zanox.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@tracking.quisma[1].txt [ Cookie:andreas@tracking.quisma.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@download859.mediafire[2].txt [ Cookie:andreas@download859.mediafire.com/4lrt40ptni6g/udggwj1ntkm/ ]
	C:\USERS\ANDREAS\Cookies\andreas@smartadserver[2].txt [ Cookie:andreas@smartadserver.com/ ]
	C:\USERS\ANDREAS\Cookies\5X6UWT01.txt [ Cookie:andreas@media6degrees.com/ ]
	C:\USERS\ANDREAS\Cookies\andreas@tracking.mlsat02[1].txt [ Cookie:andreas@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\ANDREAS\Cookies\BEDA73WT.txt [ Cookie:andreas@googleads.g.doubleclick.net/ ]
	de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
	www.blogcounter.de [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\COOKIES.SQLITE ]
         
otl.txt
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2011 at 06:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type       : Complete Scan
Total Scan Time : 01:06:07

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 785
Memory threats detected   : 0
Registry items scanned    : 75506
Registry threats detected : 0
File items scanned        : 153151
File threats detected     : 68

Adware.Tracking Cookie
         
extra.txt
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2011 at 06:38 PM

Application Version : 5.0.1142

Core Rules Database Version : 8088
Trace Rules Database Version: 5900

Scan type       : Complete Scan
Total Scan Time : 01:06:07

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 785
Memory threats detected   : 0
Registry items scanned    : 75506
Registry threats detected : 0
File items scanned        : 153151
File threats detected     : 68

Adware.Tracking Cookie
         

At the moment I have no problems to report.
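An added example (not from the thread or from SUPERAntiSpyware) that parses the log layout posted above, separates tracking-cookie entries from any other detection category, and checks that the number of listed items matches the declared threat counts. The sample log, its paths and the category name `Constructed.Example.Detection` are constructed; treating only non-cookie categories as needing review is an assumption of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the SUPERAntiSpyware log posted above.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Generated 01/01/2012 at 10:00 AM

Memory items scanned      : 100
Memory threats detected   : 0
Registry items scanned    : 2000
Registry threats detected : 0
File items scanned        : 3000
File threats detected     : 4

Adware.Tracking Cookie
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ads.example[1].txt [ /ads.example ]
    C:\USERS\USER\Cookies\ABCD1234.txt [ Cookie:user@track.example.com/path/ ]
    .metrics.example.net [ C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXX.DEFAULT\COOKIES.SQLITE ]
Constructed.Example.Detection
    C:\Users\user\AppData\Roaming\sample.exe
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
# The trailing "[ ... ]" annotation; file names may themselves contain "[1]",
# so only a bracket pair that closes the line counts.
ITEM_RE = re.compile(r"^(?P<left>.*)\[(?P<inner>[^\[\]]*)\]\s*$")


def cookie_domain(left, inner):
    """Return the cookie's site for each of the three item layouts in the log."""
    if "\\" in inner:
        # Firefox layout: site first, cookies.sqlite path inside the brackets.
        return left.lstrip(".").lower()
    site = inner
    if site.lower().startswith("cookie:"):
        site = site[len("cookie:"):]
    site = site.split("@", 1)[-1]            # drop the "user@" prefix if present
    return site.lstrip("/").split("/", 1)[0].lower()


def parse_log(text):
    """Return (declared threat counts, {category: [(left, inner-or-None), ...]})."""
    declared, findings = {}, defaultdict(list)
    category, in_results = None, False
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = COUNT_RE.match(raw.strip())
        if m:
            declared[m.group(1)] = int(m.group(2))
            in_results = m.group(1) == "File"   # findings follow the last counter
            continue
        if not in_results:
            continue                            # header lines before the counters
        if raw[0] in " \t":                     # indented line: one detected item
            if category is None:
                continue
            line = raw.strip()
            im = ITEM_RE.match(line)
            if im:
                findings[category].append(
                    (im.group("left").strip(), im.group("inner").strip()))
            else:
                findings[category].append((line, None))
        else:                                   # unindented line: category name
            category = raw.strip()
    return declared, dict(findings)


def triage(declared, findings):
    """Count cookie sites and collect every item outside the cookie category."""
    cookie_sites, review = Counter(), []
    for category, items in findings.items():
        for left, inner in items:
            if "tracking cookie" in category.lower() and inner is not None:
                cookie_sites[cookie_domain(left, inner)] += 1
            else:
                review.append((category, left))
    listed = sum(len(items) for items in findings.values())
    return {
        "cookie_sites": cookie_sites,
        "review": review,
        "listed": listed,
        "declared": sum(declared.values()),
        # False means the pasted log is truncated or has items this parser missed.
        "complete": listed == sum(declared.values()),
    }


if __name__ == "__main__":
    counts, found = parse_log(SAMPLE_LOG)
    result = triage(counts, found)
    print("cookie sites:", dict(result["cookie_sites"]))
    print("needs review:", result["review"])
    print("listed/declared:", result["listed"], "/", result["declared"])
```
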

Alt 29.12.2011, 00:08   #7
kira
/// Helper Team
 



Steps 5, 6 and 7 are still missing!

Alt 29.12.2011, 12:15   #8
Anubis2019
 



Actually already done

5. General note that one should scan more often, and Autorun function disabled
6. Online scan carried out. No findings
7. See the code posted in the previous post.

Alt 29.12.2011, 12:36   #9
kira
/// Helper Team
 



Regarding point 7:
I have not received one since posting #5!
A freshly created one, of course...

Alt 29.12.2011, 13:37   #10
Anubis2019
 



Posting #6 contains the OTL logs that were created after points 1-6 had been carried out

Alt 31.12.2011, 07:54   #11
kira
/// Helper Team
 



Posting #6? I have 3x log results from SUPERAntiSpyware there!

So once more, please....
Run a scan with OTL again:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Alt 01.01.2012, 19:07   #12
Anubis2019
 



OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 31.12.2011 13:41:58 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,84% Memory free
7,99 Gb Paging File | 5,44 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,55 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,78 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 2,22 Gb Free Space | 29,52% Space Free | Partition Type: FAT32
Drive F: | 931,51 Gb Total Space | 744,63 Gb Free Space | 79,94% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 638,06 Gb Free Space | 68,50% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 21:05:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.10 10:43:32 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP) -- C:\Program Files (x86)\jeak.de\QIP 2010\qip.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.29 21:05:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.11.10 10:43:33 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.10 10:43:32 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2011.11.10 10:43:32 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2010.11.24 14:03:02 | 000,483,712 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\Social\Social.dll
MOD - [2010.11.24 14:03:02 | 000,048,000 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\pics.dll
MOD - [2010.11.24 14:03:00 | 002,367,872 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\MRA.dll
MOD - [2010.11.24 14:02:58 | 002,654,080 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\InfICQ\InfICQ.dll
MOD - [2010.11.24 14:02:56 | 000,087,424 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Core\WebWindow.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========

< End of report >
         
--- --- ---

01.01.2012, 19:08   #13
Anubis2019
 



Extra.txt
OTL Logfile:
Code:
OTL logfile created on: 31.12.2011 13:41:58 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,84% Memory free
7,99 Gb Paging File | 5,44 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,55 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,78 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 2,22 Gb Free Space | 29,52% Space Free | Partition Type: FAT32
Drive F: | 931,51 Gb Total Space | 744,63 Gb Free Space | 79,94% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 638,06 Gb Free Space | 68,50% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 21:05:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.11.10 10:43:32 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP) -- C:\Program Files (x86)\jeak.de\QIP 2010\qip.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.29 21:05:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011.11.10 10:43:33 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.10 10:43:32 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2011.11.10 10:43:32 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2010.11.24 14:03:02 | 000,483,712 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\Social\Social.dll
MOD - [2010.11.24 14:03:02 | 000,048,000 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\pics.dll
MOD - [2010.11.24 14:03:00 | 002,367,872 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\MRA\MRA.dll
MOD - [2010.11.24 14:02:58 | 002,654,080 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Protos\InfICQ\InfICQ.dll
MOD - [2010.11.24 14:02:56 | 000,087,424 | ---- | M] () -- C:\Program Files (x86)\jeak.de\QIP 2010\Core\WebWindow.dll
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2011.12.25 02:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:50:49 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 12:47:56 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 12:47:56 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 12:47:56 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 12:47:56 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 12:47:56 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:43:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 12:43:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 19:19:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:00:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,010,752 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2011.12.31 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/Code]

02.01.2012, 13:09   #14
kira
/// Helper team
 

1.
Quote:
Attention, important!
If you made changes to the logfile yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name or other things replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.03 19:04:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.03 19:04:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{50945162-941b-11e0-a18b-005056c00008}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa50e66-5319-11e0-ad73-005056c00008}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e8b7686e-0206-11e0-9420-1c6f654fb3d7}\Shell\install\command - "" = E:\SETUP.EXE
[2011.12.25 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.12.31 13:11:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000UA.job
[2011.12.30 17:11:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2744733067-2877928380-3086995166-1000Core.job

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP check and Purity check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.
__________________

Warning!
Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

02.01.2012, 13:58   #15
Anubis2019


OTL Logfile:
Code:
OTL logfile created on: 02.01.2012 13:53:05 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,06% Memory free
7,99 Gb Paging File | 5,99 Gb Available in Paging File | 74,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 3,35 Gb Free Space | 6,01% Space Free | Partition Type: NTFS
Drive D: | 372,61 Gb Total Space | 26,29 Gb Free Space | 7,06% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 637,92 Gb Free Space | 68,48% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.25 09:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2007.06.15 07:35:38 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
MOD - [2007.06.14 11:52:06 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.05.03 13:12:03 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.08 22:21:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.02.10 10:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.11.11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC)
DRV:64bit: - [2011.08.19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.12.07 14:33:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 12:04:28 | 000,172,544 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.24 16:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.12 15:43:23 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.12.12 15:43:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 CA 13 AA 0F BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\Visio\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\Visio\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 21:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.21 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.12.05 23:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions
[2011.12.15 21:13:10 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.05 22:56:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.30 11:11:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\8e7gwvkr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\conduit.xml
[2011.11.27 20:44:15 | 000,002,101 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8e7gwvkr.default\searchplugins\googlede.xml
[2011.12.29 21:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8E7GWVKR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.29 21:05:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 19:04:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 19:04:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 19:04:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 19:04:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfireshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\plugin/npfshtml.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.6.3_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.7.4_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Click to change the icon's color = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\legfpnnmhhnhjgekmmbkilmijnjoehne\0.92_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Programme\Visio\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1D4120-E5ED-479C-AE53-79338240EB6A}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7DE6DF-2830-42C0-A30E-F3928516262A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 17:32:15 | 000,000,000 | ---D | M] - H:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.02 13:47:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.01 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logitech® Webcam-Software
[2012.01.01 23:41:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2012.01.01 23:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2012.01.01 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.01.01 23:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.01.01 23:38:51 | 007,045,480 | ---- | C] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2011.12.31 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE
[2011.12.31 19:58:56 | 012,417,842 | ---- | C] (                                                            ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2011.12.31 19:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2011.12.27 18:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 18:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.27 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.27 17:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.27 12:19:00 | 013,732,320 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.27 12:14:10 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 12:16:31 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.25 12:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.25 12:00:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.25 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.25 11:59:37 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:25:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 02:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.12.25 02:45:08 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:23 | 000,799,832 | ---- | C] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.22 21:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.22 18:55:19 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5312.dll
[2011.12.22 18:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.22 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.22 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\HP
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Nexus Mod Manager
[2011.12.18 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Black_Tree_Gaming
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2011.12.18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2011.12.16 13:58:24 | 000,000,000 | R--D | C] -- C:\Users\Andreas\Dropbox
[2011.12.16 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.16 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.12.15 00:41:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 00:41:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.12.15 00:41:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.12.15 00:41:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.12.15 00:41:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.12.15 00:41:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.15 00:41:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.12.15 00:41:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.15 00:41:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.15 00:41:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.15 00:41:18 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.15 00:41:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.15 00:41:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.12.15 00:41:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.12.15 00:41:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.12.15 00:41:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.12.15 00:41:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 00:41:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.09 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011.12.09 13:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.09 13:37:42 | 000,210,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml118.dll
[2011.12.09 13:37:42 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2011.12.09 13:37:42 | 000,182,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2011.12.09 13:37:42 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2011.12.09 13:37:42 | 000,157,696 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja118.dll
[2011.12.09 13:37:42 | 000,155,648 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp118.dll
[2011.12.09 13:37:42 | 000,067,584 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2011.12.09 13:37:39 | 000,511,488 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2011.12.09 13:37:39 | 000,311,808 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn118.dll
[2011.12.09 13:36:29 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2011.12.05 14:00:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.12.05 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Application Data
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2011.12.05 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer
[2011.12.05 13:39:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\vp71
[2011.12.05 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\vlc
[2011.12.05 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.05 13:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.04 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Skyrim
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.02 13:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.02 13:50:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.02 13:50:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.02 13:49:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.01.02 11:35:05 | 000,029,410 | ---- | M] () -- C:\Users\Andreas\Desktop\Blatt10.pdf
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:22:40 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 11:20:13 | 001,771,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.02 11:20:13 | 000,759,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.02 11:20:13 | 000,702,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.02 11:20:13 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.02 11:20:13 | 000,141,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.01 23:41:42 | 000,001,112 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.01.01 23:41:05 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012.01.01 23:38:55 | 007,045,480 | ---- | M] (Logitech, Inc.) -- C:\Users\Andreas\Desktop\lws230.exe
[2011.12.31 20:00:22 | 000,012,288 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 19:59:26 | 012,417,842 | ---- | M] (                                                            ) -- C:\Users\Andreas\Desktop\klcodec520f.exe
[2011.12.31 19:58:22 | 008,671,837 | ---- | M] () -- C:\Users\Andreas\Desktop\vdm_free.exe
[2011.12.27 23:57:47 | 000,041,737 | ---- | M] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | M] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | M] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | M] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:34:18 | 000,001,852 | ---- | M] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 22:33:48 | 000,040,359 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 18:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andreas\Desktop\esetsmartinstaller_enu.exe
[2011.12.27 12:23:17 | 000,137,950 | ---- | M] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.27 12:19:32 | 013,732,320 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
[2011.12.27 12:14:12 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Andreas\Desktop\jxpiinstall.exe
[2011.12.25 16:19:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 12:16:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas\Desktop\ccsetup314.exe
[2011.12.25 11:59:37 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andreas\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.25 03:49:23 | 000,034,731 | ---- | M] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | M] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:25:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.12.25 03:21:40 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:05 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.25 02:45:08 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.12.25 02:42:25 | 000,799,832 | ---- | M] (Crawler.com                                                 ) -- C:\Users\Andreas\Desktop\Spyware30050TerminatorSetup.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | M] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:18 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:44 | 000,001,478 | ---- | M] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 10:53:45 | 000,323,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 11:22:09 | 000,002,010 | -H-- | M] () -- C:\Users\Andreas\Documents\Default.rdp
[2011.12.13 15:32:53 | 001,440,354 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.13 15:28:14 | 000,175,439 | ---- | M] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.09 16:38:14 | 000,265,294 | ---- | M] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2011.12.09 12:44:42 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.05 13:39:22 | 001,101,819 | ---- | M] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.02 11:35:04 | 000,029,410 | ---- | C] () -- C:\Users\Andreas\Desktop\Blatt10.pdf
[2012.01.01 23:41:42 | 000,001,112 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.01.01 23:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.01 23:41:05 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.12.31 19:58:15 | 008,671,837 | ---- | C] () -- C:\Users\Andreas\Desktop\vdm_free.exe
[2011.12.27 23:57:47 | 000,041,737 | ---- | C] () -- C:\Users\Andreas\Desktop\4.jpg
[2011.12.27 23:57:34 | 000,043,150 | ---- | C] () -- C:\Users\Andreas\Desktop\3.jpg
[2011.12.27 23:57:24 | 000,035,556 | ---- | C] () -- C:\Users\Andreas\Desktop\2.jpg
[2011.12.27 23:57:11 | 000,035,633 | ---- | C] () -- C:\Users\Andreas\Desktop\1.jpg
[2011.12.27 22:33:48 | 000,040,359 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223347.jpg
[2011.12.27 22:33:36 | 000,039,310 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223335.jpg
[2011.12.27 22:33:23 | 000,038,623 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223322.jpg
[2011.12.27 22:33:06 | 000,039,328 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-27_223259.jpg
[2011.12.27 17:30:42 | 000,001,852 | ---- | C] () -- C:\Users\Andreas\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.27 12:23:09 | 000,137,950 | ---- | C] () -- C:\Users\Andreas\Desktop\cc_20111227_122304.reg
[2011.12.25 16:19:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.25 03:49:23 | 000,034,731 | ---- | C] () -- C:\Users\Andreas\Desktop\OTL.zip
[2011.12.25 03:48:15 | 000,013,856 | ---- | C] () -- C:\Users\Andreas\Desktop\Extras.zip
[2011.12.25 03:21:40 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2011.12.25 03:21:04 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe
[2011.12.22 21:49:02 | 000,468,444 | ---- | C] () -- C:\Users\Andreas\Desktop\Unbenannt-1.psd
[2011.12.22 18:55:22 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.22 18:55:18 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.22 18:55:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.22 18:55:18 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 18:48:50 | 000,001,478 | ---- | C] () -- C:\Users\Andreas\Desktop\Skyrim.lnk
[2011.12.16 13:58:24 | 000,001,043 | ---- | C] () -- C:\Users\Andreas\Desktop\Dropbox.lnk
[2011.12.16 13:57:34 | 000,001,023 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.13 15:32:53 | 001,440,354 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-13_153242.tif
[2011.12.09 16:38:14 | 000,265,294 | ---- | C] () -- C:\Users\Andreas\Desktop\2011-12-09_163808.jpg
[2011.12.09 13:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.12.09 13:37:39 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
[2011.12.05 13:39:19 | 001,101,819 | ---- | C] () -- C:\Users\Andreas\Desktop\vp71.zip
[2011.12.05 13:33:31 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.04 01:03:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.11.01 15:10:20 | 000,175,439 | ---- | C] () -- C:\Users\Andreas\AppData\Local\debuggee.mdmp
[2011.10.08 14:28:17 | 001,995,776 | ---- | C] () -- C:\Windows\SysWow64\cxcore200.dll
[2011.10.08 14:28:17 | 001,623,040 | ---- | C] () -- C:\Windows\SysWow64\cv200.dll
[2011.10.08 14:28:16 | 001,174,467 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.08 14:28:16 | 000,010,123 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.07 14:31:05 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.07.10 14:41:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.05.24 22:06:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.08 16:50:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.08 16:50:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.29 23:37:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.12.22 19:07:26 | 000,000,551 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\AutoGK.ini
[2010.12.15 13:18:38 | 000,012,288 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.13 16:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\winscp.rnd
[2010.12.10 17:07:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.10 14:11:50 | 001,752,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.08 14:12:55 | 000,002,063 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.12.08 14:11:47 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.05 23:05:05 | 000,007,605 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.12.05 21:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.05 21:30:09 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.05 20:56:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.05 20:53:29 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.12.05 20:49:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.01.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.12.22 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ALFBanCo4
[2011.05.03 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2010.12.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BITS
[2011.09.04 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Braid
[2011.08.11 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Brawsome
[2011.01.10 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2010.12.08 16:51:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2010.12.13 00:46:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Cherry
[2011.12.25 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DocClockGame
[2012.01.02 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2011.08.13 19:16:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
[2011.08.13 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FireShot
[2010.12.10 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGet
[2010.12.08 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FlashGetBHO
[2011.11.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\fotw
[2010.12.12 04:23:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Foxit Software
[2011.07.10 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Fujitsu
[2011.03.06 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.12.22 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HandBrake
[2011.11.05 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Heinz Nixdorf Institut
[2011.03.07 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\JavaEditor
[2012.01.01 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.08.21 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LucasArts
[2011.11.13 22:47:26 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.02.27 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia
[2011.01.07 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.07.10 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PFU
[2010.12.13 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PMS
[2011.02.24 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Processing
[2010.12.05 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\QIP
[2011.10.07 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Subversion
[2011.08.11 00:03:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\System
[2010.12.17 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Systweak
[2010.12.05 23:34:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2011.12.29 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TS3Client
[2011.02.13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Tunngle
[2011.11.04 01:03:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\VDownloader
[2011.12.31 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Video DVD Maker FREE
[2011.11.14 00:08:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Wargaming.net
[2011.08.11 00:10:53 | 000,000,000 | -HSD | M] -- C:\Users\Andreas\AppData\Roaming\wyUpdate AU
[2011.12.03 11:46:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
