
Pests of All Kinds and How to Fight Them: Remove SMART HDD

Windows 7

29.04.2012, 16:31   #1
hg2000
 

Remove SMART HDD



Hello everyone,

I have caught the Smart HDD trojan. I have already tried the standard procedure as described here (http://www.trojaner-board.de/113467-...entfernen.html) (rkill, Malware Bytes, OTL, TDSSKiller). Unfortunately it did not help. It would be great if someone here could help me further. My OTL logfiles:

OTL Logfile:
Code:
OTL logfile created on: 29.04.2012 17:20:54 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\MyName\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,19% Memory free
6,98 Gb Paging File | 5,46 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 238,29 Gb Total Space | 47,49 Gb Free Space | 19,93% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MyName-PC | User Name: MyName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.29 17:20:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe
PRC - [2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe
PRC - [2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe
PRC - [2012.04.25 21:05:22 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | -H-- | M] (Malwarebytes Corporation) -- C:\mb\mbamgui.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011.11.11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.17 07:11:30 | 000,019,872 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.03.17 07:10:18 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.04.15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.04.15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.14 03:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe
MOD - [2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe
MOD - [2012.04.25 21:05:21 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.04.11 14:30:29 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012.04.11 14:30:19 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012.04.11 14:30:11 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012.03.09 23:00:13 | 000,968,704 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\21hud8n1.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012.02.29 22:46:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012.02.29 22:45:18 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll
MOD - [2012.02.29 22:45:12 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012.02.28 20:26:39 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012.02.28 20:26:34 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012.02.28 20:26:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012.02.28 20:26:22 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011.11.23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2011.11.23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2011.11.23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2011.11.23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2011.11.23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2011.11.23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2011.11.23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2011.11.23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2011.11.23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2011.11.23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2011.11.23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2011.11.23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2011.11.23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.01 15:33:55 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.08.11 19:45:22 | 000,055,816 | -H-- | M] () -- C:\Users\MyName\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 07:11:30 | 000,019,872 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.25 21:05:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.04.15 23:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.04.15 23:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.15 01:27:20 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.05.15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.05.03 16:11:14 | 000,256,000 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007.03.14 01:04:40 | 000,095,712 | ---- | M] (Terratec Electronic GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ews88wdm.sys -- (ews88mt)
DRV - [2005.08.18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 9D 0B A0 F1 71 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.stadtrevue.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.54
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.70.0
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.2.42
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "95.211.8.133"
FF - prefs.js..network.proxy.http_port: 80
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 00:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.04 22:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.02 00:11:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Extensions
[2011.06.02 00:11:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.29 16:52:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions
[2012.04.29 16:43:07 | 000,000,000 | -H-D | M] (SeoQuake) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.04.29 16:43:06 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.29 16:43:06 | 000,000,000 | -H-D | M] (Page Speed) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.04.29 16:43:07 | 000,000,000 | -H-D | M] (LastPass) -- C:\Users\MyName\AppData\Roaming\mozilla\Firefox\Profiles\21hud8n1.default\extensions\support@lastpass.com
[2012.03.04 10:34:47 | 000,003,915 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\21hud8n1.default\searchplugins\sweetim.xml
[2012.03.04 13:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\MyName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\21HUD8N1.DEFAULT\EXTENSIONS\TOBIAS@WEBFISH.SE2.XPI
[2012.04.25 21:05:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:12:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 10:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.03 10:12:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 10:12:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 10:12:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 10:12:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Programme\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Programme\LastPass\LPBar.dll (LastPass)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\mb\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [YYtkTUcKcuuqNLK.exe] C:\ProgramData\YYtkTUcKcuuqNLK.exe ()
O4 - Startup: C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MyName\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\MyName\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B42161D3-AE48-4AC6-811F-0CE8A4015E2D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell - "" = AutoRun
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b16c341b-945b-11e0-80b5-1c6f65a75208}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.29 17:20:05 | 000,595,456 | -H-- | C] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe
[2012.04.29 17:06:55 | 000,258,560 | -H-- | C] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTH.scr
[2012.04.29 14:08:32 | 000,000,000 | -H-D | C] -- C:\mb
[2012.04.29 14:07:55 | 010,063,000 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\MyName\Desktop\malwarebytes_antimalware_1.61(1).exe
[2012.04.29 13:45:58 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Malwarebytes
[2012.04.29 13:45:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.04.29 13:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 13:45:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.29 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.29 13:42:32 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine
[2012.04.29 13:39:49 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0
[2012.04.29 13:09:24 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.04.29 11:35:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\AutoKMS
[2012.04.28 13:58:04 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Documents\VideoPad Projects
[2012.04.28 12:53:50 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\NVIDIA
[2012.04.28 12:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\NCH Software
[2012.04.28 12:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.04.28 12:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.04.28 12:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012.04.28 12:46:16 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\NCH Software
[2012.04.28 12:46:08 | 003,941,464 | -H-- | C] (NCH Software) -- C:\Users\MyName\Desktop\vpsetup-243.exe
[2012.04.28 12:45:18 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.28 12:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.04.28 12:45:14 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.04.28 12:45:12 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.04.28 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.04.28 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.04.28 11:19:51 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Avira
[2012.04.28 11:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.28 11:01:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.28 11:01:12 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.28 11:01:12 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.28 11:01:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.28 11:01:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2012.04.28 01:09:23 | 000,000,000 | -H-D | C] -- C:\OEMSettings
[2012.04.28 01:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012.04.28 01:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG311v3 Smart Wizard
[2012.04.28 00:57:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.04.25 21:05:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla
[2012.04.25 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.21 15:43:47 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\kindle
[2012.04.14 12:46:14 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\rechnungen xxlfood
[2012.04.11 14:30:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 14:30:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.11 14:30:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 14:30:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 14:30:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 14:30:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 14:28:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 14:28:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 11:30:51 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard
[2012.04.11 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Article Wizard
[2012.04.09 21:53:10 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\xml
[2012.04.09 11:50:28 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\piwik
[2012.04.09 11:48:13 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\04
[2012.04.08 19:49:01 | 000,000,000 | -H-D | C] -- C:\Users\MyName\.easyxmleditor
[2012.04.08 19:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy XML Editor
[2012.04.08 19:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Easy XML Editor
[2012.04.08 19:46:26 | 000,000,000 | -H-D | C] -- C:\Users\MyName\AppData\Roaming\Extensible XML Editor
[2012.04.08 19:46:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DB074885-BBA6-46B1-AD15-3339F4915375}
[2012.04.08 19:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Essential XML Editor 1.6
[2012.04.08 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Essential XML Editor 1.6
[2012.04.08 19:45:44 | 000,000,000 | -H-D | C] -- C:\Users\MyName\Desktop\Downloads
[2012.02.20 19:19:38 | 010,905,632 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[3 C:\Users\MyName\Desktop\*.tmp files -> C:\Users\MyName\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2077.05.27 10:01:30 | 001,316,154 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.MP3
[2012.04.29 17:24:26 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 17:24:26 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.29 17:20:07 | 000,595,456 | -H-- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTL.exe
[2012.04.29 17:15:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.29 17:15:31 | 2811,875,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 17:06:59 | 000,258,560 | -H-- | M] (OldTimer Tools) -- C:\Users\MyName\Desktop\OTH.scr
[2012.04.29 15:27:29 | 001,008,141 | -H-- | M] () -- C:\Users\MyName\Desktop\rkill.exe
[2012.04.29 14:08:33 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 14:08:00 | 010,063,000 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\MyName\Desktop\malwarebytes_antimalware_1.61(1).exe
[2012.04.29 14:04:03 | 001,008,141 | -H-- | M] () -- C:\Users\MyName\Desktop\rkill(1).com
[2012.04.29 13:39:31 | 001,309,375 | -H-- | M] () -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0.zip
[2012.04.29 13:37:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.29 13:37:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.29 13:37:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.29 13:37:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.29 13:22:05 | 000,000,256 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0
[2012.04.29 13:15:04 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-W5zLjqYQGas6Q0r
[2012.04.29 13:15:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-W5zLjqYQGas6Q0
[2012.04.29 13:09:24 | 000,000,675 | -H-- | M] () -- C:\Users\MyName\Desktop\Data_Recovery.lnk
[2012.04.29 13:09:21 | 000,221,184 | -H-- | M] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe
[2012.04.29 13:05:17 | 000,000,600 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\winscp.rnd
[2012.04.29 13:01:31 | 000,300,544 | -H-- | M] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe
[2012.04.28 15:48:52 | 016,699,948 | -H-- | M] () -- C:\Users\MyName\Desktop\enik5.wav
[2012.04.28 15:21:43 | 016,699,948 | -H-- | M] () -- C:\Users\MyName\Desktop\enik4.wav
[2012.04.28 15:14:48 | 016,377,968 | -H-- | M] () -- C:\Users\MyName\Desktop\enik3.wav
[2012.04.28 14:59:51 | 000,002,272 | -H-- | M] () -- C:\Users\MyName\Desktop\Free Video to MP3 Converter.lnk
[2012.04.28 14:59:51 | 000,001,221 | -H-- | M] () -- C:\Users\MyName\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.28 14:47:12 | 011,967,916 | -H-- | M] () -- C:\Users\MyName\Desktop\eink2.wav
[2012.04.28 14:26:35 | 000,226,728 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.HM2
[2012.04.28 14:26:35 | 000,020,064 | -H-- | M] () -- C:\Users\MyName\Desktop\MZ000011.HMP
[2012.04.28 13:27:28 | 012,428,264 | -H-- | M] () -- C:\Users\MyName\Desktop\eink.wav
[2012.04.28 12:46:13 | 003,941,464 | -H-- | M] (NCH Software) -- C:\Users\MyName\Desktop\vpsetup-243.exe
[2012.04.28 12:45:15 | 000,001,284 | -H-- | M] () -- C:\Users\MyName\Desktop\Free YouTube Download.lnk
[2012.04.27 23:09:24 | 000,000,032 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\msregsvv.dll
[2012.04.27 23:09:24 | 000,000,032 | -H-- | M] () -- C:\ProgramData\autobk.inc
[2012.04.23 21:27:48 | 255,433,843 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.23 19:52:03 | 000,072,150 | -H-- | M] () -- C:\Users\MyName\Desktop\denic_xxlfood.de.JPG
[2012.04.22 15:36:10 | 000,045,383 | -H-- | M] () -- C:\Users\MyName\Desktop\swsws.wma
[2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.04.15 16:57:41 | 013,698,809 | -H-- | M] () -- C:\Users\MyName\Desktop\wdr5_toene_texte_bilder_20120414.mp3
[2012.04.14 13:53:09 | 000,090,177 | -H-- | M] () -- C:\Users\MyName\Desktop\lebensmittel.jpg
[2012.04.13 15:56:00 | 000,000,804 | -H-- | M] () -- C:\Users\MyName\Desktop\config.php
[2012.04.11 11:30:53 | 000,003,035 | -H-- | M] () -- C:\Users\MyName\Desktop\Article Wizard.lnk
[2012.04.09 21:35:06 | 000,002,634 | -H-- | M] () -- C:\Users\MyName\Desktop\node.xml
[2012.04.09 21:09:49 | 000,001,307 | -H-- | M] () -- C:\Users\MyName\Desktop\xmlfehler.xml
[2012.04.09 11:46:17 | 000,000,044 | -H-- | M] () -- C:\Users\MyName\Desktop\Wir finden für Dich das beste XXL Restaurant - XXLfood.de.URL
[2012.04.08 19:48:54 | 000,001,063 | -H-- | M] () -- C:\Users\MyName\Desktop\Easy XML Editor.lnk
[2012.04.08 19:48:54 | 000,001,031 | -H-- | M] () -- C:\Users\MyName\Desktop\XML Dog.lnk
[2012.04.08 19:47:16 | 000,009,423 | -H-- | M] () -- C:\Users\MyName\Desktop\Item.xml
[2012.04.07 16:26:21 | 000,019,730 | -H-- | M] () -- C:\Users\MyName\Desktop\logos-breit-bw.png
[2012.04.07 16:26:21 | 000,000,132 | -H-- | M] () -- C:\Users\MyName\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.07 15:27:05 | 000,112,250 | -H-- | M] () -- C:\Users\MyName\Desktop\1live.jpg
[2012.04.07 15:14:01 | 000,118,424 | -H-- | M] () -- C:\Users\MyName\Desktop\buero.jpg
[2012.04.07 14:41:35 | 000,112,828 | -H-- | M] () -- C:\Users\MyName\Desktop\landschaft.jpg
[2012.04.06 17:41:52 | 000,004,332 | -H-- | M] () -- C:\Users\MyName\Desktop\contact_btn_red.png
[2012.04.06 17:12:42 | 000,039,317 | -H-- | M] () -- C:\Users\MyName\Desktop\logos-breit.png
[2012.04.06 15:59:34 | 000,020,813 | -H-- | M] () -- C:\Users\MyName\Desktop\telefon.JPG
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.01 14:44:08 | 000,690,589 | -H-- | M] () -- C:\Users\MyName\Desktop\logo_page1.png
[3 C:\Users\MyName\Desktop\*.tmp files -> C:\Users\MyName\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 15:27:25 | 001,008,141 | -H-- | C] () -- C:\Users\MyName\Desktop\rkill.exe
[2012.04.29 14:08:33 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 14:04:02 | 001,008,141 | -H-- | C] () -- C:\Users\MyName\Desktop\rkill(1).com
[2012.04.29 13:39:30 | 001,309,375 | -H-- | C] () -- C:\Users\MyName\Desktop\tdsskiller_2.5.5.0.zip
[2012.04.29 13:09:29 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-W5zLjqYQGas6Q0r
[2012.04.29 13:09:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-W5zLjqYQGas6Q0
[2012.04.29 13:09:24 | 000,000,675 | -H-- | C] () -- C:\Users\MyName\Desktop\Data_Recovery.lnk
[2012.04.29 13:09:21 | 000,221,184 | -H-- | C] () -- C:\ProgramData\W5zLjqYQGas6Q0.exe
[2012.04.29 13:09:21 | 000,000,256 | -H-- | C] () -- C:\ProgramData\W5zLjqYQGas6Q0
[2012.04.29 13:03:42 | 000,300,544 | -H-- | C] () -- C:\ProgramData\YYtkTUcKcuuqNLK.exe
[2012.04.28 15:48:51 | 016,699,948 | -H-- | C] () -- C:\Users\MyName\Desktop\enik5.wav
[2012.04.28 15:21:42 | 016,699,948 | -H-- | C] () -- C:\Users\MyName\Desktop\enik4.wav
[2012.04.28 15:14:47 | 016,377,968 | -H-- | C] () -- C:\Users\MyName\Desktop\enik3.wav
[2012.04.28 14:59:51 | 000,002,272 | -H-- | C] () -- C:\Users\MyName\Desktop\Free Video to MP3 Converter.lnk
[2012.04.28 14:59:51 | 000,001,221 | -H-- | C] () -- C:\Users\MyName\Desktop\DVDVideoSoft Free Studio.lnk
[2012.04.28 14:47:11 | 011,967,916 | -H-- | C] () -- C:\Users\MyName\Desktop\eink2.wav
[2012.04.28 14:24:22 | 000,226,728 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.HM2
[2012.04.28 14:24:22 | 000,020,064 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.HMP
[2012.04.28 14:23:34 | 001,316,154 | -H-- | C] () -- C:\Users\MyName\Desktop\MZ000011.MP3
[2012.04.28 13:27:24 | 012,428,264 | -H-- | C] () -- C:\Users\MyName\Desktop\eink.wav
[2012.04.28 12:45:15 | 000,001,284 | -H-- | C] () -- C:\Users\MyName\Desktop\Free YouTube Download.lnk
[2012.04.23 19:52:02 | 000,072,150 | -H-- | C] () -- C:\Users\MyName\Desktop\denic_xxlfood.de.JPG
[2012.04.22 15:36:10 | 000,045,383 | -H-- | C] () -- C:\Users\MyName\Desktop\swsws.wma
[2012.04.15 16:57:33 | 013,698,809 | -H-- | C] () -- C:\Users\MyName\Desktop\wdr5_toene_texte_bilder_20120414.mp3
[2012.04.14 13:53:07 | 000,090,177 | -H-- | C] () -- C:\Users\MyName\Desktop\lebensmittel.jpg
[2012.04.13 15:56:00 | 000,000,804 | -H-- | C] () -- C:\Users\MyName\Desktop\config.php
[2012.04.11 11:30:53 | 000,003,035 | -H-- | C] () -- C:\Users\MyName\Desktop\Article Wizard.lnk
[2012.04.09 21:26:49 | 000,002,634 | -H-- | C] () -- C:\Users\MyName\Desktop\node.xml
[2012.04.09 21:09:49 | 000,001,307 | -H-- | C] () -- C:\Users\MyName\Desktop\xmlfehler.xml
[2012.04.09 11:46:17 | 000,000,044 | -H-- | C] () -- C:\Users\MyName\Desktop\Wir finden für Dich das beste XXL Restaurant - XXLfood.de.URL
[2012.04.08 19:48:54 | 000,001,063 | -H-- | C] () -- C:\Users\MyName\Desktop\Easy XML Editor.lnk
[2012.04.08 19:48:54 | 000,001,031 | -H-- | C] () -- C:\Users\MyName\Desktop\XML Dog.lnk
[2012.04.08 19:47:16 | 000,009,423 | -H-- | C] () -- C:\Users\MyName\Desktop\Item.xml
[2012.04.07 15:27:03 | 000,112,250 | -H-- | C] () -- C:\Users\MyName\Desktop\1live.jpg
[2012.04.07 15:12:04 | 000,118,424 | -H-- | C] () -- C:\Users\MyName\Desktop\buero.jpg
[2012.04.07 14:36:51 | 000,112,828 | -H-- | C] () -- C:\Users\MyName\Desktop\landschaft.jpg
[2012.04.06 17:05:31 | 000,019,730 | -H-- | C] () -- C:\Users\MyName\Desktop\logos-breit-bw.png
[2012.04.06 17:04:52 | 000,039,317 | -H-- | C] () -- C:\Users\MyName\Desktop\logos-breit.png
[2012.04.06 15:59:34 | 000,020,813 | -H-- | C] () -- C:\Users\MyName\Desktop\telefon.JPG
[2012.04.01 21:04:41 | 000,690,589 | -H-- | C] () -- C:\Users\MyName\Desktop\logo_page1.png
[2012.01.15 14:09:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.14 19:46:13 | 000,000,218 | -H-- | C] () -- C:\Users\MyName\AppData\Local\recently-used.xbel
[2012.01.14 19:40:26 | 000,003,515 | -H-- | C] () -- C:\Users\MyName\AppData\Local\gnucash.gnucash
[2012.01.14 18:34:34 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.01.10 15:27:10 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.10.02 10:37:52 | 000,002,079 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\SAS7_000.DAT
[2011.09.12 20:49:56 | 000,002,892 | -H-- | C] () -- C:\Windows\System32\audcon.sys
[2011.09.12 20:49:19 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.09.12 20:49:18 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.09.11 16:21:42 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe
[2011.09.11 16:21:42 | 000,011,775 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.30 13:04:41 | 000,000,132 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.28 22:56:48 | 000,000,032 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\msregsvv.dll
[2011.07.28 22:56:48 | 000,000,032 | -H-- | C] () -- C:\ProgramData\autobk.inc
[2011.07.09 21:53:29 | 000,000,132 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.02 00:52:46 | 000,000,600 | -H-- | C] () -- C:\Users\MyName\AppData\Roaming\winscp.rnd
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.12 14:28:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.03 00:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2011.05.03 00:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.05.02 22:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.05.02 22:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.05.02 22:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.18 23:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.03.18 23:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.03.18 23:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.03.18 23:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.03.18 23:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.03.18 23:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.03.18 23:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.03.06 21:11:08 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.03.06 21:07:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.02.22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.22 21:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.11 19:10:52 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.02.11 19:10:52 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.02.11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.11.21 02:46:14 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         
--- --- ---

EXTRAS: OTL Logfile:
Code:
OTL Extras logfile created on: 29.04.2012 17:20:54 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\MyName\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,19% Memory free
6,98 Gb Paging File | 5,46 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 238,29 Gb Total Space | 47,49 Gb Free Space | 19,93% Space Free | Partition Type: NTFS
Drive F: | 7,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MyName-PC | User Name: MyName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39C6420F-801D-40DB-BAC1-AAF9E95DD4A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{56E48015-87EA-4541-9ECE-9A2BDFEB3EE1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E62888F-D4D8-43DF-A699-A9481FB3E8BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60BB8577-C730-49FA-AB2C-93DC868F5554}" = rport=139 | protocol=6 | dir=out | app=system | 
"{62C1F64F-4FE3-41BE-A768-23807F7287BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{63085E07-224B-4DE2-8DD3-96CDFD084F9F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A46704C-3441-469D-8528-63471B17A40A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6D54AC2A-741D-42B1-A110-FEFCC1DE1911}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{7514E25E-57CF-43BE-9EF8-1ECFBD3CD6E2}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{80CCCF70-3A7C-4A0B-A307-6C25B6630866}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9280C433-D59E-4DB6-A1C5-9CC4B640F538}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B02DCFE8-309A-40C6-8169-A9036545DE81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8F17D96-58E7-41FB-A9BC-93E4211B3D91}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D6115386-DAA2-43BF-B0CB-388B23CCBAB5}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{E33A9331-3CF8-4D26-AB0E-1C76BBDF23FA}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6F1241-91D7-4A74-9FE8-7E2CA58B6B64}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{1A949648-9D55-4008-B762-BAB0925E7C1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A5AAFEA-32C7-4CB0-B1A5-605E66D6639D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{2C9EAD0B-C012-4CF5-BA62-D4E0FEE560C7}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"{2CB0843C-5D23-4703-B4E5-BE00AF84FC6A}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{3399AD86-AABE-4EFA-9340-3CDC98764142}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{39CFA262-5729-4F96-AD4E-B7AFCDA09791}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3B41D0C4-9CA0-4C79-BD0B-A7D1511C1610}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{47079AD3-F3CD-4FBE-A0E5-59D491446B26}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{4E74FAC1-9828-4286-B82F-668CE5F0BFEB}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{54C83B4D-A709-4512-80CD-6CE3DB4AE035}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{58C0A869-6AB5-4612-BEF2-B784E1AC6E46}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{591E46CB-F57B-4A21-9B51-E9E9DEFB7E78}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{59853D53-57C4-4F20-9B4B-9D78DEA6FC7E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5BA22A12-86BE-4643-917C-CC8706CF265D}" = protocol=6 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6035BFD1-91DC-4AA0-8337-CD87B1B39B9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{611A57C4-EA05-443C-9DD1-10AE7DE7330F}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | 
"{63E4450A-368F-40F2-A5DC-BA1EC1F403C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{64BFD506-10EC-45A4-84ED-0C4C7F2E7058}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6EF5605B-956A-4D41-A408-60CA057552CD}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash.exe | 
"{6F31E55A-DF65-480B-B25D-11A929E73FB2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{75CFCDA7-BD2B-4916-892B-B418FB753861}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{78853E33-B2C2-4CE3-A1FB-C58502BFB35F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8B65C02D-04BE-40AF-9913-8FF8DD22DC5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A19A9979-D11D-4D3D-86B0-1E0B0D29DDD3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{A1BD4D3D-0B34-4CEE-983A-0FDAAE992EC7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{B255DD69-5DB0-48E9-88AE-04634E47F389}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B4097B91-8686-468B-BF3C-DD5282CDF144}" = protocol=17 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B7CAEB73-EACC-4CDD-9EA7-3012D9B1FA84}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{D7C280BA-BB33-4801-9333-F244B6CDFE47}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EE32C59D-0876-4264-85E8-E6F0A17EBB1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{F73C7A12-7845-41F5-9D8E-14F71949F81D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"TCP Query User{6DF5F95A-76D7-4460-929F-0EAC5F3A409B}C:\program files\netbeans 7.0.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.0.1\bin\netbeans.exe | 
"TCP Query User{BB341829-A956-424C-9080-DCE6E88365D7}C:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{99EE11F9-DA7B-4E4D-8EE7-377A94F0B8B5}C:\program files\netbeans 7.0.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.0.1\bin\netbeans.exe | 
"UDP Query User{C40D71C1-AEA8-422D-8B8D-D27FDA8625DE}C:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\MyName\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35EF5571-957E-4C0A-A34D-0E4BF14B563C}_is1" = iPad File Explorer 1.25
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{71A53652-B627-41A4-A8A6-55AA3A92EF47}" = Samplitude 11.5 Producer Download Version
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{771D8BC7-74D6-4FE5-85C9-13EC7401EB92}" = Excellent Analytics
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 17.0.1000.0
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D432C227-3FA3-44AB-BEE8-E665133BDD23}" = UBot
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.5.1
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FEF82C7B-A738-4EE2-9600-39895B21506F}" = PHASE 88 ControlPanel
"Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Deus Ex Human Revolution_is1" = Deus Ex Human Revolution
"Easy XML Editor_is1" = Easy XML Editor 1.6.6
"eLicenser Control" = eLicenser Control
"Essential XML Editor" = Essential XML Editor
"foobar2000" = foobar2000 v1.1.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.10.423
"Free YouTube Download_is1" = Free YouTube Download version 3.1.25.423
"Git_is1" = Git version 1.7.6-preview20110708
"GnuCash_is1" = GnuCash 2.4.9
"Heroku_is1" = Heroku version 2.11.0
"IETester" = IETester v0.4.11 (remove only)
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LastPass" = LastPass (nur deinstallieren)
"Live 8.0.4" = Live 8.0.4
"MAGIX_MSI_Samplitude_115_Producer" = Samplitude 11.5 Producer Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PriceGong" = PriceGong 2.5.4
"Revo Uninstaller" = Revo Uninstaller 1.93
"Screaming Frog SEO Spider" = Screaming Frog SEO Spider
"UseNeXT_is1" = UseNeXT
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.9
"Waldorf Largo" = Waldorf Largo
"Waves Mercury Bundle" = Waves Mercury Bundle
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.3
"xampp" = XAMPP 1.7.4
"XviD" = XviD MPEG-4 Codec
"YTdetect" = Yahoo! Detect
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290
"Dropbox" = Dropbox
"Leela lite 0.3.16" = Leela lite - the Go Program
"Tropico 4" = Tropico 4 1.00
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.04.2012 09:02:26 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2012 11:41:35 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2012 18:29:04 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2012 06:36:38 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2012 10:15:53 | Computer Name = MyName-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: httpd.exe, Version: 2.2.17.0, Zeitstempel:
 0x4cbbe9e8  Name des fehlerhaften Moduls: php5ts.dll, Version: 5.3.5.0, Zeitstempel:
 0x4d26013e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c5c6  ID des fehlerhaften Prozesses:
 0x1240  Startzeit der fehlerhaften Anwendung: 0x01cd1a413bb8d224  Pfad der fehlerhaften
 Anwendung: C:\xampp\apache\bin\httpd.exe  Pfad des fehlerhaften Moduls: C:\xampp\php\php5ts.dll
Berichtskennung:
 578606e9-863c-11e1-b0b2-1c6f65a75208
 
Error - 14.04.2012 15:35:45 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2012 18:03:54 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2012 18:39:53 | Computer Name = MyName-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 15.04.2012 06:38:26 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2012 09:01:05 | Computer Name = MyName-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 29.04.2012 11:15:42 | Computer Name = MyName-PC | Source = Microsoft-Windows-Eventlog | ID = 22
Description = Der Ereignisprotokollierungsdienst hat einen Fehler beim Initialisieren
 der Veröffentlichung von Ressourcen für Kanal "DebugChannel" erkannt. Falls ein
 direkter Kanal festgelegt ist, kann dies ein Hinweis darauf sein, dass auch das
 Protokollieren der Ressourcen nicht initialisiert werden konnte.
 
Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 29.04.2012 11:16:05 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 29.04.2012 11:16:16 | Computer Name = MyName-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---

29.04.2012, 17:43   #2
markusg
/// Malware-holic

hi
open Malwarebytes, go to the reports, and post all logs.
open C:
there, open tdss-killer-datum-version.txt and post its contents

29.04.2012, 19:38   #3
hg2000

Thanks for the quick reply.

The problem seems to have resolved itself after I removed some strange hidden files in the program directory.

30.04.2012, 10:23   #4
markusg
/// Malware-holic

yes, but "seems" is hardly enough.
please continue as described in the first post.
