
Pests of all kinds and how to combat them: Removing the screen-lock virus

18.08.2012, 18:52   #1
bennIY
 
Removing the screen-lock virus



Hello community,

thanks to someone who has nothing better to do all day than write viruses, I have the problem that my screen stays locked forever after my computer starts up. I have supposedly violated copyright law and am being told to pay a sum of money via Ukash or Paysafecard (how professional).
I will not do that. Instead I am going to fight it; how to do that will be worked out here. My PC is currently running from the Reatogo X-Pe rescue system.

Here is an OTL scan:

Code:
OTL logfile created on: 8/19/2012 9:40:45 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 63.62 Gb Free Space | 27.33% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/07/04 02:20:54 | 000,238,080 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/03 19:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/06/06 03:16:00 | 000,185,856 | ---- | M] () [Auto] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/02/13 17:30:40 | 000,108,032 | ---- | M] (GOTOANDPLAY snc) [Auto] -- C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe -- (sfs2x-service)
SRV:64bit: - [2011/09/09 11:16:32 | 005,735,424 | ---- | M] (Native Instruments GmbH) [Auto] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 19:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/08/15 17:30:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/27 06:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/10 10:30:40 | 000,018,432 | ---- | M] () [Auto] -- C:\Users\Benjamin\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe -- (SumatraPDFUpdater)
SRV - [2012/04/27 12:10:20 | 006,838,784 | ---- | M] (Exit Games GmbH) [Auto] -- C:\Users\Benjamin\Desktop\Photon Unity\deploy\bin_Win64\PhotonSocketServer.exe -- (Photon Socket Server: InstanceLoadBalancing)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 15:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/16 16:28:54 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 02:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 01:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/31 13:46:36 | 000,111,696 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\NIWinCDEmu.sys -- (NIWinCDEmu)
DRV:64bit: - [2012/03/05 10:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/22 06:40:36 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ta6avs.sys -- (ta6avs)
DRV:64bit: - [2012/02/22 06:40:36 | 000,075,856 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ta6usb.sys -- (ta6usb_svc)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:64bit: - [2011/09/29 05:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/28 23:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 23:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010/04/22 01:19:34 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SaiU0CC3.sys -- (SaiU0CC3)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2012/07/29 12:25:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/07/24 10:24:17 | 000,030,528 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/03/11 23:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&tc=1
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\Benjamin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 8D 84 F6 E6 38 CD 01  [binary data]
IE - HKU\Benjamin_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\Benjamin_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Benjamin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&tc=1
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 8D 84 F6 E6 38 CD 01  [binary data]
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benjamin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\Downloaded Program Files\NpFv522.dll (1 mal 1 Software GmbH)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/25 13:22:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/25 13:22:47 | 000,000,000 | ---D | M]
 
[2012/06/25 13:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2012/07/12 10:03:38 | 000,001,401 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 68.168.222.227 www.google-analytics.com.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SS Plugin Class) - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Program Files\BPK\bpkwb.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\Benjamin\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Benjamin\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Benjamin_ON_C..\Run: [Adobe Flash Player] C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
O4 - HKU\Benjamin_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Benjamin_ON_C..\Run: [Defender] C:\Users\Benjamin\AppData\Local\Temp\svchost.exe (Sun Microsystems)
O4 - HKU\Benjamin_ON_C..\Run: [Facebook Update] C:\Users\Benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Benjamin_ON_C..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ()
O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll (Flatcast Viewer 5.2)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Benjamin\AppData\Roaming\appConf32.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3a7b732d-d4ed-11e1-8767-8000600fe800}\Shell - "" = AutoRun
O33 - MountPoints2\{3a7b732d-d4ed-11e1-8767-8000600fe800}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{5e628bc0-e7e1-11e1-adec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e628bc0-e7e1-11e1-adec-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{7c1a3ce6-d500-11e1-9237-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c1a3ce6-d500-11e1-9237-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O33 - MountPoints2\{a50373a5-d418-11e1-9adc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a50373a5-d418-11e1-9adc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\E:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/17 08:05:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/17 08:05:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/08/17 08:05:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/17 08:05:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/17 08:05:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/17 08:05:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/17 08:05:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/17 08:05:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/17 08:05:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/17 08:05:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/17 08:05:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/17 08:05:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/08/17 08:05:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/08/17 08:05:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/17 06:58:40 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012/08/17 06:58:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/08/17 06:58:40 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012/08/17 06:58:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/08/17 06:58:38 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/08/17 06:58:38 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/08/17 06:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/08/17 06:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/08/17 05:46:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/17 05:46:11 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2012/08/17 05:46:11 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/17 05:46:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/17 05:46:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2012/08/17 05:46:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/17 05:46:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/17 05:46:00 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012/08/16 16:30:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\OpenCandy
[2012/08/16 16:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/08/16 16:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2012/08/16 16:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/08/16 16:21:18 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\YourFileDownloader
[2012/08/16 16:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/08/16 16:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net
[2012/08/16 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools USB
[2012/08/16 16:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools USB
[2012/08/16 15:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012/08/16 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Alcohol 120% 1.9.6.4719_CRACK
[2012/08/16 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Franzis
[2012/08/15 10:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\BPK
[2012/08/15 10:02:29 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlazingTools Perfect Keylogger
[2012/08/15 10:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlazingTools Perfect Keylogger
[2012/08/15 09:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\KSP
[2012/08/15 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free KGB Key Logger
[2012/08/12 03:54:29 | 000,152,064 | -H-- | C] (Adobe Systems, Inc.) -- C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe
[2012/08/10 17:54:37 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\UAs
[2012/08/10 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2012/08/10 16:42:49 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\dclogs
[2012/08/10 16:42:43 | 001,235,968 | ---- | C] (Sun Microsystems) -- C:\Users\Benjamin\AppData\Roaming\rundll32.exe
[2012/08/10 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\kock
[2012/08/05 16:48:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/08/01 15:27:00 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\AMD
[2012/08/01 15:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/01 15:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/08/01 15:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/01 15:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/01 15:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/08/01 15:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/08/01 15:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/08/01 15:22:13 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox64.sys
[2012/08/01 14:05:43 | 000,000,000 | ---D | C] -- C:\AMD
[2012/07/31 17:49:23 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MgameEU
[2012/07/31 17:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MgameEU
[2012/07/31 17:48:21 | 000,000,000 | ---D | C] -- C:\MgameEU
[2012/07/31 14:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
[2012/07/31 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Media
[2012/07/31 14:51:01 | 000,155,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRT.dll
[2012/07/31 14:51:01 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2012/07/31 14:51:01 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRTREND.dll
[2012/07/31 14:50:58 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\strmdll.dll
[2012/07/31 14:50:58 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft3.dll
[2012/07/31 14:50:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unam4ie.exe
[2012/07/31 14:50:56 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\danim.dll
[2012/07/31 14:50:56 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcut.dll
[2012/07/31 14:50:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz.drv
[2012/07/31 14:50:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2012/07/31 14:50:54 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2012/07/31 14:50:21 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012/07/31 07:28:21 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\LEGO Interactive
[2012/07/31 07:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Interactive
[2012/07/31 07:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Interactive
[2012/07/31 06:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/07/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/07/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/07/31 06:17:54 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\config
[2012/07/31 06:15:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll
[2012/07/31 06:15:31 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys
[2012/07/31 06:15:31 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys
[2012/07/31 06:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012/07/31 05:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012/07/30 08:37:29 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Ilivid Player
[2012/07/29 12:25:07 | 000,025,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/07/26 17:34:40 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\GameRanger
[2012/07/26 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/07/26 17:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/07/26 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012/07/26 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\Stronghold Crusader
[2012/07/26 11:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2012/07/25 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Facebook
[2012/07/24 10:52:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4AE9D997-D987-49BD-B2B2-722F375AAD1C}
[2012/07/24 10:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/07/24 10:21:25 | 000,038,456 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys
[2012/07/24 10:21:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/07/24 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\win7_chipset
[2012/07/24 10:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2012/07/24 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Etron
[2012/07/24 10:19:23 | 000,646,248 | ---- | C] (Realtek                                            ) -- C:\Windows\System32\drivers\Rt64win7.sys
[2012/07/24 10:18:52 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\W7
[2012/07/24 10:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2012/07/24 10:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2012/07/23 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Minecraft server neu
[2012/07/23 17:27:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\minecraft server - Copy
[2012/07/23 16:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2012/07/23 16:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2012/07/23 16:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012/07/23 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\ATI
[2012/07/23 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\ATI
[2012/07/23 15:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/07/23 15:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/23 15:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/23 15:48:50 | 000,000,000 | ---D | C] -- C:\ATI
[2012/07/23 12:43:39 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/07/22 21:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/07/22 21:03:55 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/07/22 21:03:55 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSX64.dll
[2012/07/22 21:03:55 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSH64.dll
[2012/07/22 21:03:55 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP64.dll
[2012/07/22 21:03:55 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW64.dll
[2012/07/22 21:03:54 | 002,528,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtPgEx64.dll
[2012/07/22 21:03:54 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSnMg64.cpl
[2012/07/22 21:03:53 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtlCPAPI64.dll
[2012/07/22 21:03:51 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCfg64.dll
[2012/07/22 21:03:48 | 003,213,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO64.dll
[2012/07/22 21:03:48 | 001,914,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApi64.dll
[2012/07/22 21:03:48 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTCOM64.dll
[2012/07/22 21:03:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP64A.dll
[2012/07/22 21:03:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT64.dll
[2012/07/22 21:03:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA64.dll
[2012/07/22 21:03:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED64A.dll
[2012/07/22 21:03:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL64A.dll
[2012/07/22 21:03:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG64A.dll
[2012/07/22 21:03:47 | 000,099,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoInst64.dll
[2012/07/22 21:03:46 | 000,886,360 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO64.dll
[2012/07/22 21:03:46 | 000,746,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012/07/22 21:03:46 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp64.dll
[2012/07/22 21:03:46 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld64.dll
[2012/07/22 21:03:46 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn64.dll
[2012/07/22 21:03:45 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/07/22 21:03:45 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/07/22 21:03:44 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO64.dll
[2012/07/22 21:03:43 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTAC64.dll
[2012/07/22 21:03:43 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTAR64.dll
[2012/07/22 20:59:07 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst64.dll
[2012/07/22 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/07/22 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Diagnostics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/19 12:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/19 12:33:45 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/08/19 12:32:50 | 000,004,096 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\aCvHAGfQbKvt.exe
[2012/08/19 12:32:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/19 12:32:26 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 12:24:38 | 000,001,901 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/19 12:09:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 11:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000UA.job
[2012/08/19 11:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 10:35:49 | 000,670,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/19 10:35:49 | 000,123,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/19 08:46:06 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 08:46:06 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 16:18:49 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000Core.job
[2012/08/17 08:30:19 | 000,293,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/17 06:53:37 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012/08/17 06:53:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/08/16 16:30:24 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/08/16 16:30:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/08/16 16:27:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free KGB Key Logger
[2012/08/15 17:30:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 17:30:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 10:02:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlazingTools Perfect Keylogger
[2012/08/12 03:54:43 | 000,152,064 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe
[2012/08/10 17:07:04 | 000,006,400 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\BAcroIEHelpe.dll
[2012/08/10 17:07:02 | 000,200,336 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\AcroIEHelpe.dll
[2012/08/10 17:06:56 | 000,000,016 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\blckdom.res
[2012/08/10 16:42:44 | 001,235,968 | ---- | M] (Sun Microsystems) -- C:\Users\Benjamin\AppData\Roaming\rundll32.exe
[2012/08/08 07:15:42 | 475,863,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/07 18:08:41 | 000,038,209 | ---- | M] () -- C:\untitled.mp3
[2012/08/07 14:14:11 | 000,017,405 | ---- | M] () -- C:\Users\Benjamin\Documents\Bewerbungsschreiben seb 2012 07.08..odt
[2012/08/07 13:32:09 | 000,013,948 | ---- | M] () -- C:\Users\Benjamin\Documents\Lebenslauf Seb 2012 07.08.odt
[2012/08/05 17:10:11 | 000,001,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/02 15:10:04 | 000,005,561 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\recently-used.xbel
[2012/08/01 15:22:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/31 17:49:23 | 000,001,621 | ---- | M] () -- C:\Users\UpdatusUser\Desktop\OPERATION7.lnk
[2012/07/31 17:49:23 | 000,001,621 | ---- | M] () -- C:\Users\Benjamin\Desktop\OPERATION7.lnk
[2012/07/31 17:49:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MgameEU
[2012/07/31 15:01:59 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Rock Raiders - Hoher Modus.lnk
[2012/07/31 14:58:21 | 000,002,371 | ---- | M] () -- C:\Users\Public\Desktop\Rock Raiders - Standardmodus.lnk
[2012/07/31 14:58:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
[2012/07/31 14:50:53 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2012/07/31 14:50:53 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2012/07/31 07:28:08 | 000,000,502 | ---- | M] () -- C:\Windows\eReg.dat
[2012/07/31 07:26:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Interactive
[2012/07/30 08:42:52 | 000,010,302 | ---- | M] () -- C:\Filterscript_Interiors.amx
[2012/07/30 06:02:06 | 001,590,276 | ---- | M] () -- C:\test.amx
[2012/07/29 12:25:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/07/29 12:01:38 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2012/07/26 17:34:44 | 000,001,090 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
[2012/07/26 17:34:44 | 000,001,076 | ---- | M] () -- C:\Users\Benjamin\Desktop\GameRanger.lnk
[2012/07/26 17:34:44 | 000,001,056 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/07/26 17:09:34 | 000,001,024 | ---- | M] () -- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,024 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,000 | ---- | M] () -- C:\Users\UpdatusUser\Desktop\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,000 | ---- | M] () -- C:\Users\Benjamin\Desktop\GameSpy Arcade.lnk
[2012/07/26 17:09:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012/07/26 11:51:41 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/07/24 10:52:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/07/24 10:24:17 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012/07/24 10:24:17 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/07/24 10:11:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2012/07/23 16:03:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2012/07/23 16:00:55 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2012/07/22 16:51:40 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/07/22 15:22:05 | 043,446,272 | ---- | M] () -- C:\Users\Benjamin\Desktop\Reaktor_5_Player_570_PC.zip.incomplete
[2012/07/22 15:22:05 | 012,865,536 | ---- | M] () -- C:\Users\Benjamin\Desktop\Kontakt_5_Player_503_PC.zip.incomplete
[2012/07/22 15:21:01 | 016,883,508 | ---- | M] () -- C:\Users\Benjamin\Desktop\Controller_Editor_145U_PC.zip.incomplete
[2012/07/21 08:52:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/19 12:24:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/08/19 12:24:38 | 000,001,901 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/17 06:53:37 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012/08/16 16:30:24 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/08/12 03:54:43 | 000,004,096 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\aCvHAGfQbKvt.exe
[2012/08/10 17:07:04 | 000,006,400 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\BAcroIEHelpe.dll
[2012/08/10 17:07:02 | 000,200,336 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\AcroIEHelpe.dll
[2012/08/10 17:06:56 | 000,000,016 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\blckdom.res
[2012/08/07 17:37:57 | 000,038,209 | ---- | C] () -- C:\untitled.mp3
[2012/08/07 13:37:52 | 000,017,405 | ---- | C] () -- C:\Users\Benjamin\Documents\Bewerbungsschreiben seb 2012 07.08..odt
[2012/08/07 13:30:34 | 000,013,948 | ---- | C] () -- C:\Users\Benjamin\Documents\Lebenslauf Seb 2012 07.08.odt
[2012/08/02 15:10:04 | 000,005,561 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\recently-used.xbel
[2012/07/31 17:49:23 | 000,001,621 | ---- | C] () -- C:\Users\UpdatusUser\Desktop\OPERATION7.lnk
[2012/07/31 17:49:23 | 000,001,621 | ---- | C] () -- C:\Users\Benjamin\Desktop\OPERATION7.lnk
[2012/07/31 14:58:21 | 000,002,371 | ---- | C] () -- C:\Users\Public\Desktop\Rock Raiders - Standardmodus.lnk
[2012/07/31 14:58:21 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Rock Raiders - Hoher Modus.lnk
[2012/07/31 14:50:56 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/07/31 14:50:56 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2012/07/31 07:28:08 | 000,000,502 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/30 08:42:52 | 000,010,302 | ---- | C] () -- C:\Filterscript_Interiors.amx
[2012/07/29 17:11:14 | 001,590,276 | ---- | C] () -- C:\test.amx
[2012/07/29 12:01:38 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/26 17:34:44 | 000,001,090 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
[2012/07/26 17:34:44 | 000,001,076 | ---- | C] () -- C:\Users\Benjamin\Desktop\GameRanger.lnk
[2012/07/26 17:34:44 | 000,001,062 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2012/07/26 17:34:44 | 000,001,056 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012/07/26 17:09:34 | 000,001,024 | ---- | C] () -- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,024 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,000 | ---- | C] () -- C:\Users\UpdatusUser\Desktop\GameSpy Arcade.lnk
[2012/07/26 17:09:34 | 000,001,000 | ---- | C] () -- C:\Users\Benjamin\Desktop\GameSpy Arcade.lnk
[2012/07/25 14:43:50 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000UA.job
[2012/07/25 14:43:50 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000Core.job
[2012/07/24 10:19:23 | 000,074,272 | ---- | C] () -- C:\Windows\System32\RtNicProp64.dll
[2012/07/23 16:18:25 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/23 16:18:25 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/07/23 16:00:55 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2012/07/22 21:03:48 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/22 16:51:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/22 15:19:54 | 043,446,272 | ---- | C] () -- C:\Users\Benjamin\Desktop\Reaktor_5_Player_570_PC.zip.incomplete
[2012/07/22 15:19:54 | 016,883,508 | ---- | C] () -- C:\Users\Benjamin\Desktop\Controller_Editor_145U_PC.zip.incomplete
[2012/07/22 15:19:54 | 012,865,536 | ---- | C] () -- C:\Users\Benjamin\Desktop\Kontakt_5_Player_503_PC.zip.incomplete
[2012/07/04 01:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 01:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/01 14:38:01 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 17:43:55 | 000,205,276 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/04/18 13:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/27 03:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/08/18 02:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/09 11:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Benjamin\AppData\Roaming\appConf32.exe
 
========== LOP Check ==========
 
[2012/07/25 14:52:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.minecraft
[2012/06/28 15:42:00 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Armagetron
[2012/08/17 11:14:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Audacity
[2012/05/31 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Babylon
[2012/08/17 06:35:12 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2012/08/16 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools USB
[2012/08/11 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\dclogs
[2012/08/14 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\FileZilla
[2012/07/26 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GameRanger
[2012/06/16 17:55:04 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Image-Line
[2012/07/01 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Iminent
[2012/08/10 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\kock
[2012/05/27 14:27:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\loadtbs
[2012/06/05 09:06:56 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/08/16 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenCandy
[2012/06/04 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2012/06/05 06:05:13 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PACE Anti-Piracy
[2012/07/01 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Stardock
[2012/06/22 17:06:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\SynthMaker
[2012/07/16 09:46:07 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TeamViewer
[2012/05/27 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TS3Client
[2012/08/10 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\UAs
[2012/08/05 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Unity
[2012/08/19 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\uTorrent
[2012/08/10 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2012/08/16 16:21:18 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\YourFileDownloader
[2012/08/01 15:22:56 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/06/28 15:41:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Armagetron
[2012/05/31 17:37:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/08/17 06:35:11 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2012/08/16 16:17:40 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Net
[2012/08/16 16:14:44 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools USB
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/07/01 13:48:29 | 000,000,000 | ---D | M] -- C:\ProgramData\GameStop
[2012/07/01 13:53:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2012/07/01 14:44:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent
[2012/07/01 14:16:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Ironclad Games
[2012/08/15 09:57:08 | 000,000,000 | ---D | M] -- C:\ProgramData\KSP
[2012/05/30 18:02:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2012/06/05 06:05:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012/07/01 13:46:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/05/31 13:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
[2012/05/30 17:59:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\{01AD1010-597E-4367-9DEC-23AD9A33492A}
[2012/05/31 13:58:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\{39F0D482-6A42-445B-B6E2-506945189709}
[2012/05/30 17:59:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
[2012/07/24 10:52:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{4AE9D997-D987-49BD-B2B2-722F375AAD1C}
[2012/05/30 18:05:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\{62CAB22A-9020-41D6-A410-EAB112E32063}
[2012/07/01 13:48:42 | 000,000,000 | -H-D | M] -- C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}
[2012/05/31 13:52:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
[2012/05/31 13:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A2B67EC8-CE44-4813-AAC0-BACC1FAF50BE}
[2012/05/31 13:56:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
[2012/05/31 13:57:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\{C1CF19B4-9194-417A-8B85-84F1471783CE}
[2012/05/31 13:59:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\{F21A5765-AACF-4530-991E-CE1346273F96}
[2012/08/18 16:18:49 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000Core.job
[2012/08/19 11:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000UA.job
[2012/07/22 17:21:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1202 bytes -> C:\Users\Benjamin\AppData\Local\elq3b5yEKHEw86b:DoNQuBPm53jplBGQlNF
@Alternate Data Stream - 1161 bytes -> C:\Users\Benjamin\AppData\Local\Temp:u1GUJ0JOFwPASzOTdqewuUOK
@Alternate Data Stream - 1121 bytes -> C:\Users\Benjamin\AppData\Local\Temp:gCuWnZQfhqRLmf4rfxA2
< End of report >
         
If there is anyone who can help me on the basis of this, I ask them to do so.

Kind regards
Benjamin Stern

//EDIT: My system: Windows 7 Ultimate 64-bit
//EDIT: The screen is now unlocked, but my Task Manager closes as soon as I open it; strangely, the screen unlocked itself automatically

Edited by bennIY (18.08.2012 at 19:41)

Old 19.08.2012, 18:02   #2
t'john
/// Helper Team
 

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results" ("Zeige Resultate").

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present), then double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Old 19.08.2012, 21:17   #3
bennIY
 

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.19.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benjamin :: BENJAMIN-PC [Administrator]

Schutz: Deaktiviert

21.08.2012 22:47:54
mbam-log-2012-08-21 (22-47-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 132202
Laufzeit: 22 Minute(n), 32 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Malwarebytes Antimalware

and now OTL
OTL Logfile:
Code:
OTL logfile created on: 21.08.2012 23:11:15 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\Benjamin\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 72,93% Memory free
15,96 Gb Paging File | 14,04 Gb Available in Paging File | 87,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 46,49 Gb Free Space | 19,97% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 4,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BENJAMIN-PC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benjamin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Benjamin\AppData\Roaming\MAXON\bin_4E1079FE\updates\MAXON Installer.exe (MAXON Computer GmbH)
PRC - C:\Users\Benjamin\AppData\Roaming\MAXON\bin_4E1079FE\updates\MAXON Installer Help.exe (MAXON Computer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Users\Benjamin\Desktop\Cinema 4D\Maxon.Cinema.4D.R13.029.MULTiLANGUAGE.HYBRiD-MUS3\Crack\keygen.exe ()
PRC - E:\bin\MAXON Installer.exe (MAXON Computer GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU ()
MOD - C:\Users\Benjamin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg4.dll ()
MOD - C:\Users\Benjamin\AppData\Local\TeamSpeak 3 Client\imageformats\qgif4.dll ()
MOD - C:\Users\Benjamin\Desktop\Cinema 4D\Maxon.Cinema.4D.R13.029.MULTiLANGUAGE.HYBRiD-MUS3\Crack\keygen.exe ()
MOD - E:\bin\resource\modules\onlineupdater\onlineupdater.cdl ()
MOD - E:\bin\resource\modules\xtensions\xtensions.cdl ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (sfs2x-service) -- C:\Program Files\SmartFoxServer2X\SFS2X\sfs2x-service.exe (GOTOANDPLAY snc)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SumatraPDFUpdater) -- C:\Users\Benjamin\AppData\LocalLow\SumatraPDF\IE\SumatraPDFUpdater.exe ()
SRV - (Photon Socket Server: InstanceLoadBalancing) -- C:\Users\Benjamin\Desktop\Photon Unity\deploy\bin_Win64\PhotonSocketServer.exe (Exit Games GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NIWinCDEmu) -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys ()
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ta6avs) -- C:\Windows\SysNative\drivers\ta6avs.sys (Native Instruments GmbH)
DRV:64bit: - (ta6usb_svc) -- C:\Windows\SysNative\drivers\ta6usb.sys (Native Instruments GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SaiU0CC3) -- C:\Windows\SysNative\drivers\SaiU0CC3.sys (Saitek)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (AODDriver) -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 8D 84 F6 E6 38 CD 01  [binary data]
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=220512_53ctrl&babsrc=SP_ss&mntrId=70b79f1d000000000000001bb950cc00
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://findgala.com/?&uid=5575&q={searchTerms}
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6OyG2y066o&i=26
IE - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.20926.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benjamin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.25 19:22:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.25 19:22:47 | 000,000,000 | ---D | M]
 
[2012.06.25 19:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.iminent.com/?appId=83944D90-1227-423E-A035-D48917BF8BAD
CHR - default_search_provider: Iminent (Enabled)
CHR - default_search_provider: search_url = hxxp://search.iminent.com/?appId=83944D90-1227-423E-A035-D48917BF8BAD&ref=toolbox&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.iminent.com/?appId=83944D90-1227-423E-A035-D48917BF8BAD
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Web Assistant = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.458_0\
CHR - Extension: SumatraPDF = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhppgjkanllkaefhbhloijppmjnfmje\2.0.18_0\
 
O1 HOSTS File: ([2012.07.12 16:03:38 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 68.168.222.227 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SumatraPDF) - {EA58BBDF-F45C-4F28-8E52-CD5AA70D2C1E} - C:\Users\Benjamin\AppData\LocalLow\SumatraPDF\IE\SumatraPDF.dll (Krzysztof Kowalczyk)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Benjamin\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ABC] C:\Program Files (x86)\JthAbcKeylogger\Keylogger.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000..\Run: [Adobe Flash Player] C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1983738729-2347632295-1724513288-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll (Flatcast Viewer 5.2)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E3A2968-ED15-4FB7-956D-4839D38DAC01}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82375876-19AA-4AE3-AC3A-33D55DF98A4F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exeC:\Users\Benjamin\AppData\Roaming\appConf32.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008.11.04 20:12:58 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a7b732d-d4ed-11e1-8767-8000600fe800}\Shell - "" = AutoRun
O33 - MountPoints2\{3a7b732d-d4ed-11e1-8767-8000600fe800}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{5e628bc0-e7e1-11e1-adec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e628bc0-e7e1-11e1-adec-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.06.29 14:41:32 | 000,410,312 | R--- | M] (MAXON Computer GmbH)
O33 - MountPoints2\{7c1a3ce6-d500-11e1-9237-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c1a3ce6-d500-11e1-9237-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O33 - MountPoints2\{a50373a5-d418-11e1-9adc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a50373a5-d418-11e1-9adc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\E:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 23:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
[2012.08.21 22:56:25 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012.08.21 22:54:49 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.08.21 22:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2012.08.21 22:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAXON
[2012.08.21 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\MAXON
[2012.08.21 21:59:20 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Maxon.Cinema.4D.R13.029.MULTiLANGUAGE.HYBRiD-MUS3
[2012.08.21 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes
[2012.08.21 21:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 21:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.21 21:32:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.21 21:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.21 07:02:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.08.20 23:24:20 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.19 22:52:06 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Cinema 4D
[2012.08.19 22:42:28 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Cryptload 1.1.8
[2012.08.17 14:05:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.17 14:05:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.17 14:05:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.17 14:05:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.17 14:05:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.17 14:05:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.17 14:05:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.17 14:05:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.17 14:05:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.17 14:05:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.17 14:05:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.17 14:05:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.17 14:05:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.17 12:58:40 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.08.17 12:58:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.08.17 12:58:40 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.08.17 12:58:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.08.17 12:58:38 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.08.17 12:58:38 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.08.17 12:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.08.17 12:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.08.17 11:46:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.17 11:46:11 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.17 11:46:11 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.17 11:46:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.17 11:46:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.17 11:46:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.17 11:46:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.17 11:46:00 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.16 22:30:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\OpenCandy
[2012.08.16 22:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.16 22:28:37 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2012.08.16 22:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.08.16 22:21:18 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\YourFileDownloader
[2012.08.16 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.08.16 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net
[2012.08.16 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools USB
[2012.08.16 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools USB
[2012.08.16 21:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012.08.16 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Alcohol 120% 1.9.6.4719_CRACK
[2012.08.16 20:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Franzis
[2012.08.15 16:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\BPK
[2012.08.15 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlazingTools Perfect Keylogger
[2012.08.15 16:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlazingTools Perfect Keylogger
[2012.08.15 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\KSP
[2012.08.15 15:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free KGB Key Logger
[2012.08.12 09:54:29 | 000,152,064 | -H-- | C] (Adobe Systems, Inc.) -- C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe
[2012.08.10 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\UAs
[2012.08.10 23:06:46 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2012.08.10 22:42:49 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\dclogs
[2012.08.10 22:42:43 | 001,235,968 | ---- | C] (Sun Microsystems) -- C:\Users\Benjamin\AppData\Roaming\rundll32.exe
[2012.08.10 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\kock
[2012.08.05 22:48:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.01 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\AMD
[2012.08.01 21:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.01 21:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.08.01 21:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.01 21:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.08.01 21:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.08.01 21:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.08.01 21:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.08.01 21:22:13 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2012.08.01 20:05:43 | 000,000,000 | ---D | C] -- C:\AMD
[2012.07.31 23:49:23 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MgameEU
[2012.07.31 23:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MgameEU
[2012.07.31 23:48:21 | 000,000,000 | ---D | C] -- C:\MgameEU
[2012.07.31 20:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
[2012.07.31 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Media
[2012.07.31 20:51:01 | 000,155,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRT.dll
[2012.07.31 20:51:01 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2012.07.31 20:51:01 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRTREND.dll
[2012.07.31 20:50:58 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\strmdll.dll
[2012.07.31 20:50:58 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft3.dll
[2012.07.31 20:50:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unam4ie.exe
[2012.07.31 20:50:56 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\danim.dll
[2012.07.31 20:50:56 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcut.dll
[2012.07.31 20:50:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz.drv
[2012.07.31 20:50:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2012.07.31 20:50:54 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2012.07.31 20:50:21 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.07.31 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\LEGO Interactive
[2012.07.31 13:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Interactive
[2012.07.31 13:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Interactive
[2012.07.31 12:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012.07.31 12:32:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.07.31 12:32:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.07.31 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\config
[2012.07.31 12:15:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2012.07.31 12:15:31 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2012.07.31 12:15:31 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2012.07.31 12:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012.07.31 11:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012.07.30 14:37:29 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Ilivid Player
[2012.07.29 18:25:07 | 000,025,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.07.26 23:34:40 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\GameRanger
[2012.07.26 23:09:12 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.07.26 23:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.07.26 23:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.07.26 18:13:21 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\Stronghold Crusader
[2012.07.26 17:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2012.07.25 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Facebook
[2012.07.24 16:52:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4AE9D997-D987-49BD-B2B2-722F375AAD1C}
[2012.07.24 16:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.07.24 16:21:25 | 000,038,456 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2012.07.24 16:21:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.07.24 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\win7_chipset
[2012.07.24 16:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2012.07.24 16:19:55 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Etron
[2012.07.24 16:19:23 | 000,646,248 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.07.24 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\W7
[2012.07.24 16:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2012.07.24 16:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2012.07.23 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Minecraft server neu
[2012.07.23 23:27:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\minecraft server - Copy
[2012.07.23 22:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2012.07.23 22:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2012.07.23 22:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012.07.23 21:53:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\ATI
[2012.07.23 21:53:27 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\ATI
[2012.07.23 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.07.23 21:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.07.23 21:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.07.23 21:48:50 | 000,000,000 | ---D | C] -- C:\ATI
[2012.07.23 18:43:39 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.07.23 03:04:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.07.23 03:03:55 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.07.23 03:03:55 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.07.23 03:03:55 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.07.23 03:03:55 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.07.23 03:03:55 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.07.23 03:03:54 | 002,528,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.07.23 03:03:54 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.07.23 03:03:53 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.07.23 03:03:51 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.07.23 03:03:48 | 003,213,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.07.23 03:03:48 | 001,914,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.07.23 03:03:48 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.07.23 03:03:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.07.23 03:03:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.07.23 03:03:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.07.23 03:03:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.07.23 03:03:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.07.23 03:03:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.07.23 03:03:47 | 000,099,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012.07.23 03:03:46 | 000,886,360 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2012.07.23 03:03:46 | 000,746,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012.07.23 03:03:46 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2012.07.23 03:03:46 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2012.07.23 03:03:46 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2012.07.23 03:03:45 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.07.23 03:03:45 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.07.23 03:03:44 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.07.23 03:03:43 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.07.23 03:03:43 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.07.23 02:59:07 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012.07.23 00:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 23:11:04 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012.08.21 22:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.21 22:42:57 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.21 22:41:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.21 22:41:46 | 000,004,096 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\aCvHAGfQbKvt.exe
[2012.08.21 22:40:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.21 22:20:51 | 000,792,124 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 22:20:51 | 000,670,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 22:20:51 | 000,123,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.21 22:10:08 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.21 21:36:44 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.08.21 21:32:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.20 00:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 23:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000UA.job
[2012.08.19 23:29:05 | 524,288,000 | ---- | M] () -- C:\Users\Benjamin\Desktop\MX4D.R13.029.MULTi.HYBRiD.part03.rar
[2012.08.19 22:34:53 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 22:34:53 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 22:27:50 | 000,001,901 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.18 22:18:49 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000Core.job
[2012.08.17 14:30:19 | 000,293,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.17 12:53:37 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012.08.16 22:30:24 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.16 22:28:54 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.08.15 23:30:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 23:30:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.12 09:54:43 | 000,152,064 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Benjamin\AppData\Roaming\FlashPlayerPlugin_11_3_300_270.exe
[2012.08.10 23:07:04 | 000,006,400 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.10 23:07:02 | 000,200,336 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\AcroIEHelpe.dll
[2012.08.10 23:06:56 | 000,000,016 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\blckdom.res
[2012.08.10 22:42:44 | 001,235,968 | ---- | M] (Sun Microsystems) -- C:\Users\Benjamin\AppData\Roaming\rundll32.exe
[2012.08.08 13:15:42 | 475,863,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.08 00:08:41 | 000,038,209 | ---- | M] () -- C:\untitled.mp3
[2012.08.07 20:14:11 | 000,017,405 | ---- | M] () -- C:\Users\Benjamin\Documents\Bewerbungsschreiben seb 2012 07.08..odt
[2012.08.07 19:32:09 | 000,013,948 | ---- | M] () -- C:\Users\Benjamin\Documents\Lebenslauf Seb 2012 07.08.odt
[2012.08.02 21:10:04 | 000,005,561 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\recently-used.xbel
[2012.07.31 23:49:23 | 000,001,621 | ---- | M] () -- C:\Users\Benjamin\Desktop\OPERATION7.lnk
[2012.07.31 21:01:59 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Rock Raiders - Hoher Modus.lnk
[2012.07.31 20:58:21 | 000,002,371 | ---- | M] () -- C:\Users\Public\Desktop\Rock Raiders - Standardmodus.lnk
[2012.07.31 20:50:53 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2012.07.31 20:50:53 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2012.07.31 13:28:08 | 000,000,502 | ---- | M] () -- C:\Windows\eReg.dat
[2012.07.30 14:42:52 | 000,010,302 | ---- | M] () -- C:\Filterscript_Interiors.amx
[2012.07.30 12:02:06 | 001,590,276 | ---- | M] () -- C:\test.amx
[2012.07.29 18:25:07 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.07.29 18:01:38 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2012.07.26 23:34:44 | 000,001,076 | ---- | M] () -- C:\Users\Benjamin\Desktop\GameRanger.lnk
[2012.07.26 23:34:44 | 000,001,056 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012.07.26 23:09:34 | 000,001,024 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012.07.26 23:09:34 | 000,001,000 | ---- | M] () -- C:\Users\Benjamin\Desktop\GameSpy Arcade.lnk
[2012.07.24 16:24:17 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.07.24 16:24:17 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.07.23 22:00:55 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.21 21:32:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.19 23:14:55 | 524,288,000 | ---- | C] () -- C:\Users\Benjamin\Desktop\MX4D.R13.029.MULTi.HYBRiD.part03.rar
[2012.08.19 18:24:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.19 18:24:38 | 000,001,901 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.17 12:53:37 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012.08.16 22:30:24 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.12 09:54:43 | 000,004,096 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\aCvHAGfQbKvt.exe
[2012.08.10 23:07:04 | 000,006,400 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\BAcroIEHelpe.dll
[2012.08.10 23:07:02 | 000,200,336 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\AcroIEHelpe.dll
[2012.08.10 23:06:56 | 000,000,016 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\blckdom.res
[2012.08.07 23:37:57 | 000,038,209 | ---- | C] () -- C:\untitled.mp3
[2012.08.07 19:37:52 | 000,017,405 | ---- | C] () -- C:\Users\Benjamin\Documents\Bewerbungsschreiben seb 2012 07.08..odt
[2012.08.07 19:30:34 | 000,013,948 | ---- | C] () -- C:\Users\Benjamin\Documents\Lebenslauf Seb 2012 07.08.odt
[2012.08.02 21:10:04 | 000,005,561 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\recently-used.xbel
[2012.07.31 23:49:23 | 000,001,621 | ---- | C] () -- C:\Users\Benjamin\Desktop\OPERATION7.lnk
[2012.07.31 20:58:21 | 000,002,371 | ---- | C] () -- C:\Users\Public\Desktop\Rock Raiders - Standardmodus.lnk
[2012.07.31 20:58:21 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Rock Raiders - Hoher Modus.lnk
[2012.07.31 20:50:56 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.07.31 20:50:56 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2012.07.31 13:28:08 | 000,000,502 | ---- | C] () -- C:\Windows\eReg.dat
[2012.07.30 14:42:52 | 000,010,302 | ---- | C] () -- C:\Filterscript_Interiors.amx
[2012.07.29 23:11:14 | 001,590,276 | ---- | C] () -- C:\test.amx
[2012.07.29 18:01:38 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.26 23:34:44 | 000,001,076 | ---- | C] () -- C:\Users\Benjamin\Desktop\GameRanger.lnk
[2012.07.26 23:34:44 | 000,001,062 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2012.07.26 23:34:44 | 000,001,056 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk
[2012.07.26 23:09:34 | 000,001,024 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2012.07.26 23:09:34 | 000,001,000 | ---- | C] () -- C:\Users\Benjamin\Desktop\GameSpy Arcade.lnk
[2012.07.25 20:43:50 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000UA.job
[2012.07.25 20:43:50 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1983738729-2347632295-1724513288-1000Core.job
[2012.07.24 16:19:23 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.07.23 22:18:25 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.07.23 22:18:25 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.07.23 22:00:55 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2012.07.23 03:03:48 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.07.22 22:51:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 07:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 07:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.01 20:38:01 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.10 23:43:55 | 000,205,276 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.05.24 09:53:19 | 000,002,048 | -HS- | C] () -- C:\Users\Benjamin\AppData\Local\{2c0d4899-1ff3-56b0-c938-7ab25120bc79}\@
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Benjamin\AppData\Roaming\appConf32.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1202 bytes -> C:\Users\Benjamin\AppData\Local\elq3b5yEKHEw86b:DoNQuBPm53jplBGQlNF
@Alternate Data Stream - 1161 bytes -> C:\Users\Benjamin\AppData\Local\Temp:u1GUJ0JOFwPASzOTdqewuUOK
@Alternate Data Stream - 1121 bytes -> C:\Users\Benjamin\AppData\Local\Temp:gCuWnZQfhqRLmf4rfxA2

< End of report >
         

19.08.2012, 22:07   #4
t'john
/// Helper Team

Quote:
PRC - C:\Users\Benjamin\Desktop\Cinema 4D\Maxon.Cinema.4D.R13.029.MULTiLANGUAGE.HYBRiD-MUS3\Crack\keygen.exe ()
Why do you think cracks exist?

So that people like you put the thing on their computers, and the computer is then available to criminals through backdoors.
__________________
Regards, t'john

19.08.2012, 22:43   #5
bennIY

That was stuff from a friend's USB stick; he wanted to back up data on my machine. He didn't say anything about a crack; however, I did not run the keygen thing (now I know what it is).
//EDIT: I will bring it up with him; however, the problem already existed before that. We backed up this data after the desktop, for once, was not locked.


19.08.2012, 22:47   #6
t'john
/// Helper Team

PRC in the log means: currently running.


Using cracks and keygens is illegal and violates our code of conduct.

Reinstallation guides (illustrated) > Reinstalling Windows 7 > Vista > XP

1. Data recovery:



2. Format, reinstall Windows:



3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.

19.08.2012, 22:58   #7
bennIY

Is this step necessary? My system was only just set up fresh.
To what extent does this crack affect my PC? My friend wanted to save Cinema 4D on my machine but did not mention a cracked version; I must expressly apologize for that. I don't know why it is currently running, but I can see that it opens automatically as soon as the PC boots.
Is it necessary to redo the hard drive, or will I no longer be offered help because of this finding (understandable)?

19.08.2012, 23:08   #8
t'john
/// Helper Team

With the crack you brought a rootkit into the system.

ZAccess.

If you scan with Emsisoft, you will find it.

http://www.trojaner-board.de/56634-rootkits.html
It is compromised and no longer trustworthy. You should change all your passwords from a clean system.
I strongly recommend that you disconnect the PC from the network and reinstall it.
__________________
Regards, t'john

19.08.2012, 23:12   #9
bennIY

But this crack was only copied on after I was already infected, so the fault lies somewhere else.
//EDIT: I am formatting my hard drive. The problem I see is that I need to find an external hard drive, and not everyone here has one, so that may take a week.
Passwords are not at risk on this computer; I don't log in anywhere except... TrojanerBoard

//Edit 2: Great, now my screen is locked in safe mode too, and in Reatogo X-PE drive C is locked. Is there a way to unlock the screen, at least for data recovery?

Edited by bennIY (19.08.2012 at 23:30)

19.08.2012, 23:47   #10
t'john
/// Helper Team

On a quick skim I spotted 3 infections in this month alone.
Only you know how they came about.

Reinstall, and do not go online until all software is up to date.

And keep your hands off cracks and keygens.
__________________
Regards, t'john
