
Pests of all kinds and how to fight them: Searchplusnetwork

Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

03.11.2012, 15:17   #1
jen120802
 
Searchplusnetwork



Good day, dear trojaner-board members!
I have had this virus for two days now (until I finally figured out that it can't be deleted all that easily), then asked Google for help, and have now come to the decision to ask you for help TT_TT!!

Based on what I found, I first ran a full scan with Malwarebytes after updating it, and after the scan I deleted the files that were found.

And then I ran the OTL program. (I hope everything is right so far?) And here are the log files ><

Code:
OTL logfile created on: 03.Nov.2012 14:49:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MMM.yyyy
 
5,98 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 24,67% Memory free
11,96 Gb Paging File | 6,09 Gb Available in Paging File | 50,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 526,12 Gb Free Space | 58,05% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\*****\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe ()
PRC - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Users\*****\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Users\*****\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\WTMKM.exe ()
PRC - C:\Windows\SysWOW64\atwtusb.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*****\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
MOD - C:\Windows\SysWOW64\WTMKM.exe ()
MOD - C:\Windows\SysWOW64\atwtusb.exe ()
MOD - C:\Windows\SysWOW64\ATWTINK.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/splitcam/{7B6E5621-DE6E-45A6-A2A6-DE250131F691}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=st3
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\DealBulldog Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE460
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..CT2849855.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchplusnetwork.com/?sp=st3"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 11:43:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 11:43:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 11:43:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 11:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 04:24:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 11:08:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 04:24:18 | 000,000,000 | ---D | M]
 
[2012.05.06 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2012.11.02 23:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tsckl2du.default\extensions
[2012.11.02 18:35:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tsckl2du.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.03 13:18:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tsckl2du.default\extensions\ich@maltegoetz.de
[2012.11.03 13:02:08 | 000,002,790 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tsckl2du.default\searchplugins\Plusnetwork.xml
[2012.10.29 11:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 11:08:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 12:41:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 19:33:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 12:41:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 12:41:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 12:41:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 12:41:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.searchplusnetwork.com/?sp=st3
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.searchplusnetwork.com/?sp=st3
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
CHR - Extension: Angry Birds = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Missing e = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.13.8_0\
CHR - Extension: BEAST's Trollseob = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmdeifkiokjbojlohpdmohmjgfgpncl\1.0_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: BrainPOP Featured Movie = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdikkckjinnmjpgkjjpnfmmbcpbhmklf\2.0_0\
CHR - Extension: Adblock Plus = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
CHR - Extension: Bouncy Mouse = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: Korean Word of the Day = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfjiefnealemoefbkgpdiejkmecadlh\1.21_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: T-Brain = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecfpgmcalfhhkdaoeaaiobmfdoiibjhm\2.1.0_0\
CHR - Extension: PanicButton = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Tumblr - Custom Photosets = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjnllilgappblckchbklmifljphgllc\1.1.0_0\
CHR - Extension: Stylish = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Simple Highlighter = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\2.1.6.8_0\
CHR - Extension: YouTube Downloader: MP3 / HD Video Download = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokfcbmfpgeajcgkaeigohghnkhjmcbj\13.0_0\
CHR - Extension: Test & Improve Your Knowledge = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilagnajmjdobfhidldegnpomkhinccdi\1.3_0\
CHR - Extension: Virtual Keyboard = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: hipster floral n\u00B07 TUMBLR = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepkopdkhfahanmlkfoajjhjoccnacom\1.0_0\
CHR - Extension: Tumblr - Cheetah = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhibbakdhegdffecbamcdmgjlghiiojg\1.0_0\
CHR - Extension: Hangul Type Attack = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnmkoafmojamndpjlhgedghjlbeghfj\1.0.1_0\
CHR - Extension: BEAST's Kikwang tumblr logo = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidclfkpljelkbgdeepilkglmbobbipl\1.0_0\
CHR - Extension: Auto HD For YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\3.0.5_0\
CHR - Extension: Glitter (\uFF89\u25D5\u30EE\u25D5)\uFF89*\u2665:\uFF65\uFF9F\u2727 tumblr logo = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpokkeejnpbeaaelcbaeefddjhmcigna\1.0_0\
CHR - Extension: dict.cc = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\llcnidbddlogggdbiacchoamnhdmeibj\2.3.17.1_0\
CHR - Extension: Thesaurus Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic\1.1_0\
CHR - Extension: Quick Note = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: TOEFL IELTS GRE SAT in Korean = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggipcnlmnibahjhiibndcehdhbfffhl\3.3.18_0\
CHR - Extension: Brain Training = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\okchoagaoilphggnegfokcbfacndlckm\13.4832.8999_0\
CHR - Extension: Gmail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
CHR - Extension: Steins; Gate Theme2 = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\plddppaedppoghagchoehpmpojfmjlnf\2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {963B125B-8B21-49A2-A3A8-E37092276531} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\windows\SysWow64\atwtusb.exe ()
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MacrokeyManager] C:\windows\SysWow64\WTMKM.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [Akamai NetSession Interface] C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED File not found
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [SplitCam] C:\Program Files (x86)\WebCamEffects\WebCamEffects.exe File not found
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [WebCamEffects] C:\Program Files (x86)\WebCamEffects\WebCamEffects.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\*****\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF44D5DC-8B79-4410-8EDB-D83C48E652F0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2310029-BFA6-40A4-A279-7737462D4295}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.06 12:20:47 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{07df2a8d-1dd9-11e1-9539-c89cdc756861}\Shell - "" = AutoRun
O33 - MountPoints2\{07df2a8d-1dd9-11e1-9539-c89cdc756861}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 13:58:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A5A50261-513B-4380-848C-A8F1468127BE}
[2012.11.03 13:44:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.11.03 13:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.03 13:44:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.11.03 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.03 13:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.03 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Anvisoft
[2012.11.03 13:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012.11.03 13:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012.11.03 13:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012.11.02 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{989B7267-A00A-491C-911A-D775EB3F4965}
[2012.11.02 04:22:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\GinyasBrowserCompanion
[2012.11.02 04:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealBulldog Toolbar
[2012.11.02 04:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2012.11.01 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4BB21410-E159-4FFE-B457-0FEDA992DEEF}
[2012.11.01 11:40:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{54CF5F7B-3D19-4A38-9AB1-B123FD7A18B8}
[2012.10.31 13:19:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3A2B8A0B-F955-4F6B-8C9E-16C1B9DD5D82}
[2012.10.30 11:53:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D4A8F4CF-86E8-42C0-84D8-7E0BC8EDB8A2}
[2012.10.29 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F107431F-2A2E-4455-8AE5-1A95F1378529}
[2012.10.29 11:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.29 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{ECAAD5C9-E4DE-46FF-85F1-3B5411FE9AFD}
[2012.10.28 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{569C83D4-9F06-4D0D-840E-ED3669CC00B5}
[2012.10.27 17:36:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A8B65607-DC8D-493F-BD26-A1435E1FD2C5}
[2012.10.26 16:42:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9D2FFC57-DEDB-4B42-9FD8-25BD100C099E}
[2012.10.25 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\city
[2012.10.25 10:40:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{873CF28D-7B62-44AA-8139-46DD34477B9C}
[2012.10.24 17:57:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D4E8B401-9EE5-46F7-8ED3-492ABA3451B9}
[2012.10.22 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3567D20F-4993-4146-A3BC-AA9D25E88795}
[2012.10.22 18:59:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2012.10.22 18:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.10.22 18:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.10.20 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{97AE2C45-501C-4E81-831F-DCE5C27E340D}
[2012.10.19 23:10:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1C6F74C0-44FA-4572-8984-10608D159217}
[2012.10.19 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E4A06C0C-658A-490F-923A-9BF9B9EF3A30}
[2012.10.18 12:16:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1D9814F0-AD93-4EBB-8ACF-3A37020D7885}
[2012.10.17 21:22:55 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\pRAKTIKAS
[2012.10.17 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A1F89F48-D014-4C8C-9A62-F5914C6E3AA7}
[2012.10.16 12:55:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{48C96AF4-2454-4F80-ACDC-ED2AC1699E75}
[2012.10.15 17:33:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F3AC9F8E-D9D5-42C6-8AAF-33A023639DD7}
[2012.10.15 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner (2)
[2012.10.15 12:06:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{841DF7FC-CC29-4FF0-8C26-A50AD5200351}
[2012.10.14 13:24:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6DD27EBC-EFB5-4DCA-AAF2-331006A8D7FE}
[2012.10.13 23:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.13 23:55:57 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012.10.13 23:55:57 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012.10.13 23:55:31 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.13 23:09:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2012.10.13 23:04:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4F1B8CD8-9EB5-42B3-98ED-FD105E92E448}
[2012.10.13 11:04:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{780FCA23-D2AC-4DC1-B70C-3F3E00DB9C6B}
[2012.10.11 12:54:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2D374976-3B58-4E0E-87D2-8430360A05CD}
[2012.10.10 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E2332BE2-DB32-4C96-9D45-022CFAD21A98}
[2012.10.10 12:11:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.10 12:11:51 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.10 12:11:51 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.10 12:11:47 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.10 12:11:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.10 12:11:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.10 12:11:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.10 12:11:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.10 12:11:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.10 12:11:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.10 12:11:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.10 12:11:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.10 12:11:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.10 12:11:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.10 12:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:11:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:11:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.10 12:11:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:11:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:11:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:11:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:11:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:11:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 12:11:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 12:11:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.10 12:11:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.10 12:11:26 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.10 12:11:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.09 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0602A2FF-8E8C-467A-8408-7CC3790F06D3}
[2012.10.08 22:24:05 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 18:17:01 | 000,000,000 | ---D | C] -- C:\Users\*****\Synfig
[2012.10.08 17:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synfig
[2012.10.08 17:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synfig
[2012.10.08 14:45:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DigiCel
[2012.10.08 14:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DigiCel
[2012.10.08 14:19:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B8533D22-9D93-44B4-A4CF-9731B48E6B9B}
[2012.10.07 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{44E28E7A-0894-47F9-9E17-B1BD21EC89CA}
[2012.10.06 12:50:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{97437139-570E-4512-889B-11718F65C60D}
[2012.10.06 00:02:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{70D97F23-CF1C-420F-9341-032291E55825}
[2012.10.04 22:36:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TwistedBrush
[2012.10.04 22:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pixarra
[2012.10.04 22:01:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AB415652-66C8-4E43-A0B5-42990253A75C}
[2011.10.22 00:25:37 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\*****\Desktop\*.tmp files -> C:\Users\*****\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 14:46:01 | 000,001,132 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475071530-2637788333-518923065-1001UA.job
[2012.11.03 14:06:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 13:09:15 | 000,030,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 13:09:15 | 000,030,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 13:05:59 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.11.03 13:05:59 | 000,654,150 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.11.03 13:05:59 | 000,616,032 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.11.03 13:05:59 | 000,130,022 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.11.03 13:05:59 | 000,106,412 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.11.03 13:02:28 | 000,393,693 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.11.03 13:00:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.03 13:00:22 | 523,018,239 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 01:46:00 | 000,001,080 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1475071530-2637788333-518923065-1001Core.job
[2012.11.02 23:09:45 | 000,890,783 | ---- | M] () -- C:\Users\*****\Desktop\kiseobbbb01.gif
[2012.11.02 23:08:52 | 001,001,158 | ---- | M] () -- C:\Users\*****\Desktop\kiseobbbb02.gif
[2012.11.02 23:08:31 | 008,789,073 | ---- | M] () -- C:\Users\*****\Desktop\kiseobbb.psd
[2012.11.02 22:58:35 | 018,125,140 | ---- | M] () -- C:\Users\*****\Desktop\kiseobbbb.psd
[2012.11.02 22:17:20 | 000,959,991 | ---- | M] () -- C:\Users\*****\Desktop\kiseob02.gif
[2012.11.02 22:05:05 | 000,797,781 | ---- | M] () -- C:\Users\*****\Desktop\kiseob01.gif
[2012.11.02 04:22:44 | 000,002,260 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
[2012.11.02 04:22:44 | 000,000,043 | ---- | M] () -- C:\END
[2012.10.29 11:43:40 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2012.10.15 22:30:24 | 013,303,808 | ---- | M] () -- C:\Users\*****\Desktop\bg.sai
[2012.10.15 19:23:49 | 000,062,106 | ---- | M] () -- C:\Users\*****\Desktop\Untitled-1.png
[2012.10.14 22:31:52 | 000,042,289 | ---- | M] () -- C:\Users\*****\Desktop\lalalaalalalalalalalalala.PNG
[2012.10.14 14:25:38 | 005,434,122 | ---- | M] () -- C:\Users\*****\Desktop\2012-09-13 16.15.png
[2012.10.13 23:55:20 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012.10.13 23:55:20 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012.10.13 23:55:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012.10.13 23:55:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012.10.13 23:55:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012.10.13 23:55:20 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.10 12:06:38 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.10.10 12:06:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.10 12:06:29 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 17:08:58 | 000,000,051 | ---- | M] () -- C:\Users\*****\.gtkrc-2.0
[2012.10.08 16:48:48 | 000,029,384 | ---- | M] () -- C:\Users\*****\AppData\Local\Temppenciltemp.png
[2012.10.04 22:47:18 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\*****\Desktop\*.tmp files -> C:\Users\*****\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.02 23:09:45 | 000,890,783 | ---- | C] () -- C:\Users\*****\Desktop\kiseobbbb01.gif
[2012.11.02 23:08:52 | 001,001,158 | ---- | C] () -- C:\Users\*****\Desktop\kiseobbbb02.gif
[2012.11.02 22:57:28 | 018,125,140 | ---- | C] () -- C:\Users\*****\Desktop\kiseobbbb.psd
[2012.11.02 22:17:19 | 000,959,991 | ---- | C] () -- C:\Users\*****\Desktop\kiseob02.gif
[2012.11.02 22:16:18 | 008,789,073 | ---- | C] () -- C:\Users\*****\Desktop\kiseobbb.psd
[2012.11.02 22:05:04 | 000,797,781 | ---- | C] () -- C:\Users\*****\Desktop\kiseob01.gif
[2012.11.02 04:22:44 | 000,002,260 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
[2012.11.02 04:22:44 | 000,000,043 | ---- | C] () -- C:\END
[2012.11.02 04:21:26 | 000,810,496 | ---- | C] () -- C:\windows\SysNative\xvidcore.dll
[2012.11.02 04:21:26 | 000,183,808 | ---- | C] () -- C:\windows\SysNative\xvidvfw.dll
[2012.11.02 04:21:26 | 000,080,896 | ---- | C] () -- C:\windows\SysNative\ff_vfw.dll
[2012.11.02 04:20:22 | 000,389,120 | ---- | C] () -- C:\windows\SysWow64\actskn43.ocx
[2012.11.02 04:20:22 | 000,389,120 | ---- | C] () -- C:\windows\SysNative\actskn43.ocx
[2012.10.15 19:23:47 | 000,062,106 | ---- | C] () -- C:\Users\*****\Desktop\Untitled-1.png
[2012.10.15 19:11:45 | 013,303,808 | ---- | C] () -- C:\Users\*****\Desktop\bg.sai
[2012.10.14 22:31:52 | 000,042,289 | ---- | C] () -- C:\Users\*****\Desktop\lalalaalalalalalalalalala.PNG
[2012.10.14 14:25:25 | 005,434,122 | ---- | C] () -- C:\Users\*****\Desktop\2012-09-13 16.15.png
[2012.10.08 17:08:58 | 000,000,051 | ---- | C] () -- C:\Users\*****\.gtkrc-2.0
[2012.09.29 21:54:52 | 000,033,540 | ---- | C] () -- C:\windows\SysWow64\CoreFLACDecoder-uninstall.exe
[2012.09.16 17:18:16 | 000,029,384 | ---- | C] () -- C:\Users\*****\AppData\Local\Temppenciltemp.png
[2012.09.03 12:16:51 | 000,000,218 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2012.04.10 15:29:54 | 000,000,088 | RHS- | C] () -- C:\ProgramData\725FF4218E.sys
[2012.04.10 15:29:53 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.31 00:15:42 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012.01.31 00:15:42 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 00:15:42 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 00:15:42 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.12.11 22:37:24 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011.12.04 18:10:02 | 000,364,192 | ---- | C] () -- C:\windows\SysWow64\atwtusb.exe
[2011.12.04 18:10:02 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\InstallService.exe
[2011.12.04 18:10:01 | 001,969,824 | ---- | C] () -- C:\windows\SysWow64\WTMKM.exe
[2011.12.04 18:10:00 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\ATWTINK.DLL
[2011.12.04 18:10:00 | 000,102,048 | ---- | C] () -- C:\windows\RmTablet.exe
[2011.12.04 18:10:00 | 000,013,951 | R--- | C] () -- C:\windows\SysWow64\Photoshop Elements.ini
[2011.12.04 18:10:00 | 000,010,361 | R--- | C] () -- C:\windows\SysWow64\PhotoImpact XL SE.ini
[2011.12.04 18:10:00 | 000,007,633 | R--- | C] () -- C:\windows\SysWow64\Vista.ini
[2011.12.04 18:10:00 | 000,007,341 | R--- | C] () -- C:\windows\SysWow64\XP_2000.ini
[2011.12.04 18:10:00 | 000,000,607 | R--- | C] () -- C:\windows\SysWow64\MKProfile.ini
[2011.12.04 18:09:55 | 000,006,422 | ---- | C] () -- C:\windows\aiptbl.ini
[2011.12.03 19:06:07 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.12.03 18:49:19 | 001,499,556 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.22 00:55:06 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.10.22 00:55:06 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.10.22 00:01:43 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.15 03:44:54 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.06.11 07:45:16 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.02.12 20:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.04 22:14:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Autodesk
[2012.06.26 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.anki
[2012.08.21 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ambient Design
[2012.11.03 13:36:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Anvisoft
[2012.10.11 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.04.06 12:25:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Autodesk
[2012.11.03 13:17:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BitTorrent
[2011.12.04 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2012.10.08 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DigiCel
[2012.11.03 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GinyasBrowserCompanion
[2012.07.07 12:17:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2012.07.05 13:42:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Maxthon3
[2012.07.05 13:35:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Octoshape
[2012.03.03 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2011.12.30 18:55:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2012.01.20 06:37:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2011.12.02 21:07:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhotoFiltre Studio X
[2012.05.06 10:21:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PowerISO
[2012.04.07 13:30:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung
[2011.12.30 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2011.12.02 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SYSTEMAX Software Development
[2012.04.07 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Temp
[2011.12.03 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:F8B88761

< End of report >
         

06.11.2012, 21:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Searchplusnetwork


Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions carefully. If anything is unclear, ask right away, before you start.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I also have a life outside of Trojaner-Board.


Quote:
From what I found, I first ran a full scan with Malwarebytes after updating it, and after the scan I deleted the files it found for now.
Please note => http://www.trojaner-board.de/125889-...tml#post941520