Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "BKA" Virus oder Spyeye? Gibt es eine lösung?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.08.2011, 16:48   #1
Ssouls
 
"BKA" Virus oder Spyeye? Gibt es eine  lösung? - Standard

"BKA" Virus oder Spyeye? Gibt es eine lösung?



Hallo ich habe seid zwei tagen den ominösen BKA- Virus bei dem ein Fenster erscheint und man zum zahlen aufgefordert wird und der pc solange gesperrt bleibt.
Da ich gleich wusste das es sich um malware handelt, habe ich erstmal google bemüht um nach lösungen zu suchen.

Jedoch habe ich keine der genannten exe-dateien wie zb. "jasha" oder etwas in der registry entdeckt.

Ich konnte das erscheinen des BKA-Bildes unterbinden indem ich vor dem pc-start den Internetkontakt unterbunden habe.
Jetzt konnte ich wenigstens wieder auf den Task-manager zugreifen und habe einen prozess entdeckt der sich "systray. exe stub " nennt, mittlerweile weiß ich das es sich um einen virus handelt.

Ich habe versucht den prozess zu beenden und den kompletten temp-ordner indem sich die exe befindet gelöscht.

Bis ich festgestellt habe das sich nach circa 2 minuten die exe unter einem andere namen nochmal startet und wieder einen eintrag im "temp" anlegt.

weitere vorgehensmaßnahmen:

malwarebytes geupdated und installiert ---> ausgeführt

viele ergebnisse aber keine lösung des problems!
Das gleiche habe ich mit SpyBot Search & Destroy gemacht und CCleaner.

Alles ohne erfolg.

Ich bin eigentlich kein freund des einfachen format c schrittes deswegen versuche ich dieses immer anders zu lösen.

Ich hoffe das Ihr vielleicht noch irgendwelche Ideen habt wo sich dieser Virus
versteckt das er sich jedesmal ausführen kann.

mfg Ssouls

Alt 24.08.2011, 20:55   #2
Ssouls
 
"BKA" Virus oder Spyeye? Gibt es eine  lösung? - Standard

"BKA" Virus oder Spyeye? Gibt es eine lösung?



ich habe gerade die anderen threads hier gelesen und mir auch dieses "OTL" besorgt, aber ich wollte jetzt nicht irgendwelche scan/fixes einfügen.

Wie soll ich jetzt vorgehen?
was muss ich alles ausschalten bei diesem scan?

Update: ich habe es mithilfe der Kaspersky rescue disc geschafft das, dass
"BKA" nicht mehr erscheint, jedoch finde ich im Taskmanager immernoch die
"Systray. exe stub " welche mir immernoch sorgen bereitet....

bitte um Hilfe =(

Code:
ATTFilter
OTL logfile created on: 24.08.2011 21:08:15 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Ssouls\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,21% Memory free
12,44 Gb Paging File | 10,63 Gb Available in Paging File | 85,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,19 Gb Total Space | 6,31 Gb Free Space | 8,08% Space Free | Partition Type: NTFS
Drive F: | 1005,98 Mb Total Space | 1005,95 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 70,86 Gb Total Space | 4,16 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
 
Computer Name: SSOULS-PC | User Name: Ssouls | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.24 20:48:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ssouls\Desktop\OTL.exe
PRC - [2011.08.24 20:32:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Ssouls\AppData\Local\Temp\7iAE53F.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.06 11:21:10 | 002,341,288 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2011.07.06 11:20:48 | 002,384,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011.07.06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011.07.06 11:20:02 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011.07.06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011.07.06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.06.28 19:26:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 23:12:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.10 10:14:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.07 18:55:02 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.10.12 11:46:34 | 000,087,336 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2009.09.07 17:17:12 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
PRC - [2009.02.05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2008.01.21 04:48:50 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2007.04.30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.08.06 16:15:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-547 revA\WlanDll.dll
MOD - [2009.07.06 14:11:34 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-547 revA\WlanWPS.dll
MOD - [2007.04.30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007.04.23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007.04.21 16:20:26 | 000,214,800 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Search\SearchDocklet.dll
MOD - [2007.04.21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007.04.19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002.11.19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
MOD - [2002.03.13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODImg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.09 22:08:08 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011.07.06 11:20:02 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011.07.06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011.07.06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011.06.28 19:26:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 23:12:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.07 18:55:02 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010.03.09 22:09:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.12 11:46:34 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2009.06.29 22:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.02.05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008.09.26 19:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.28 19:26:31 | 000,123,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 19:26:31 | 000,088,288 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.26 18:32:50 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.01 14:44:06 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010.02.06 10:35:05 | 000,021,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.25 19:57:54 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009.10.27 13:10:18 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.07.29 19:12:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.07.29 19:11:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.07.20 17:41:32 | 001,447,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 18:07:44 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.03.27 01:23:54 | 000,019,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.11.10 14:26:30 | 000,184,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.05.15 03:28:52 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.11.02 16:52:02 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007.11.02 14:22:30 | 000,138,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV:64bit: - [2007.11.02 14:22:30 | 000,124,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 14:22:28 | 000,108,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV:64bit: - [2006.10.07 04:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2011.08.24 20:31:45 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.07.06 11:20:14 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2010.12.18 13:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.09.17 18:40:11 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 4C 2C 52 35 F5 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Ssouls\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\program files (x86)\Mozilla Firefox\components [2011.08.18 15:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\program files (x86)\Mozilla Firefox\plugins [2011.07.11 13:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.19 17:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009.12.30 11:08:55 | 000,000,000 | ---D | M]
 
[2011.03.28 15:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Extensions
[2011.03.28 15:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.16 09:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions
[2010.04.28 18:48:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.04 19:19:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.06.28 14:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2010.05.26 20:27:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.02 10:45:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.23 16:48:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ssouls\AppData\Roaming\mozilla\Firefox\Profiles\7tnpvp76.default\extensions\engine@conduit.com
[2011.06.21 11:30:32 | 000,002,342 | ---- | M] () -- C:\Users\Ssouls\AppData\Roaming\Mozilla\Firefox\Profiles\7tnpvp76.default\searchplugins\icq-search.xml
[2011.07.11 13:53:05 | 000,000,950 | ---- | M] () -- C:\Users\Ssouls\AppData\Roaming\Mozilla\Firefox\Profiles\7tnpvp76.default\searchplugins\icqplugin.xml
[2011.07.24 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.17 22:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.26 07:48:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 13:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.25 00:02:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 18:14:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.24 01:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.08.18 15:23:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 13:53:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.11 13:53:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.07.11 13:53:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.11 13:53:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.11 13:53:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.11 13:53:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.03 14:24:28 | 000,381,363 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 	static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 	ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 	onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 	orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 	ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1	gosredirector.ea.com
O1 - Hosts: 127.0.0.1	blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1	gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1	demangler.ea.com
O1 - Hosts: 127.0.0.1	vmp.tools.gos.ea.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13132 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [4Y3Y0C3AYUZY9G7HH] C:\SystemSrv\0E4736D0AA8.exe (Underground InformatioN Center)
O4 - Startup: C:\Users\Ssouls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ssouls\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ssouls\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll -  File not found
O24 - Desktop WallPaper: C:\Users\Ssouls\Pictures\golden_hues-1680x1050.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ssouls\Pictures\golden_hues-1680x1050.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{418bb2cc-7ade-11de-b770-00040ec9efc8}\Shell - "" = AutoRun
O33 - MountPoints2\{418bb2cc-7ade-11de-b770-00040ec9efc8}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{7711fc9d-7ab8-11de-992c-00241d83c100}\Shell - "" = AutoRun
O33 - MountPoints2\{7711fc9d-7ab8-11de-992c-00241d83c100}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{d8b59723-e11e-11df-b426-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b59723-e11e-11df-b426-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{d8b59723-e11e-11df-b426-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5827050D-14D4-EDBE-A896-39AF09D58509} - Microsoft Windows Media Player
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A5A68853-AE80-F48C-3993-9ABDF4AFA567} - Internet Explorer
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: mumservice - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2080.01.15 07:30:11 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2080.01.15 07:26:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2080.01.15 07:23:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2080.01.15 07:22:50 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2080.01.15 07:22:38 | 000,000,000 | -HSD | C] -- C:\Boot
[2080.01.15 07:16:30 | 000,000,000 | ---D | C] -- C:\Windows.old
[2080.01.15 07:14:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.08.24 20:47:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ssouls\Desktop\OTL.exe
[2011.08.24 20:26:28 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.24 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Backup thunderbird
[2011.08.24 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Backup firefox
[2011.08.24 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2011.08.24 15:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2011.08.24 15:18:34 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Documents\MozBackup-1.5.1-SK
[2011.08.24 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Thunderbird
[2011.08.24 15:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\download
[2011.08.24 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Dokument
[2011.08.24 14:59:19 | 000,000,000 | R--D | C] -- C:\Users\Ssouls\Desktop\Documents
[2011.08.24 14:56:35 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Musik1
[2011.08.24 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\AppData\Local\Temp
[2011.08.24 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.08.24 14:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011.08.24 14:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011.08.24 11:50:48 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\AppData\Roaming\Malwarebytes
[2011.08.24 11:50:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.24 11:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.24 11:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.24 11:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.18 18:16:28 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\SC2 Replays
[2011.08.16 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.08.16 19:58:44 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\AppData\Roaming\FileZilla
[2011.08.16 19:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011.08.15 14:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.08.15 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.08.15 14:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011.08.15 14:43:02 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\junkof
[2011.08.15 10:37:28 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Bookcopy
[2011.08.10 08:04:28 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\Dateiordner_Allgemeiner_Dateiordner
[2011.07.28 22:38:24 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\AppData\Local\WDTVMovieDBGenerator
[2011.07.28 22:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WDTV MSG 1.7.0
[2011.07.28 01:00:19 | 000,000,000 | ---D | C] -- C:\Users\Ssouls\Desktop\WDTV MSG 1.7.0
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2080.01.15 07:27:23 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2080.01.15 07:22:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.08.24 20:48:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ssouls\Desktop\OTL.exe
[2011.08.24 20:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.24 20:33:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.08.24 20:32:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.24 20:31:59 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.08.24 20:31:59 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.08.24 20:31:27 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 20:31:27 | 000,004,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.24 20:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.24 20:31:19 | 4293,386,239 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.24 16:30:11 | 000,805,088 | ---- | M] () -- C:\Users\Ssouls\Desktop\Documents\cc_20110824_162944.reg
[2011.08.24 15:22:47 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.08.24 14:13:53 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.08.24 11:50:44 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.22 11:11:15 | 611,900,369 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.19 16:27:11 | 000,049,955 | ---- | M] () -- C:\Users\Ssouls\Desktop\WiWi_WS_11-1218.8.pdf
[2011.08.17 13:32:39 | 000,152,064 | ---- | M] () -- C:\Users\Ssouls\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.16 21:59:13 | 000,000,953 | ---- | M] () -- C:\Users\Ssouls\Desktop\FileZilla.lnk
[2011.08.16 21:37:56 | 000,014,711 | ---- | M] () -- C:\Users\Ssouls\Desktop\S00custom-options
[2011.08.16 21:07:12 | 001,448,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.16 21:07:12 | 000,633,360 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.16 21:07:12 | 000,591,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.16 21:07:12 | 000,127,364 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.16 21:07:12 | 000,105,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.16 20:37:07 | 000,065,536 | ---- | M] () -- C:\Users\Ssouls\Desktop\wdtvhack.app.bin
[2011.08.16 19:54:22 | 004,076,719 | ---- | M] () -- C:\Users\Ssouls\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.08.15 14:59:01 | 095,972,434 | ---- | M] () -- C:\Users\Ssouls\Desktop\OL_Oh Land.zip
[2011.08.15 14:41:15 | 007,048,102 | ---- | M] () -- C:\Users\Ssouls\Desktop\junkof.zip
[2011.08.11 16:43:06 | 054,052,268 | ---- | M] () -- C:\Users\Ssouls\Desktop\wdtvlive_1.06.15_V.zip
[2011.08.11 15:40:33 | 000,507,782 | ---- | M] () -- C:\Users\Ssouls\Desktop\UmweltökonomieÜbung.pdf
[2011.08.10 08:42:53 | 004,089,761 | ---- | M] () -- C:\Users\Ssouls\Desktop\Umwelökonomie - Kopie.pdf
[2011.08.10 07:34:50 | 000,000,104 | ---- | M] () -- C:\Users\Ssouls\Desktop\Internet - Verknüpfung.lnk
[2011.08.09 11:13:25 | 000,123,488 | ---- | M] () -- C:\Users\Ssouls\Desktop\3118_mouzMaNa_ESCGoOdy.SC2replay
[2011.08.08 20:31:10 | 000,000,680 | ---- | M] () -- C:\Users\Ssouls\AppData\Local\d3d9caps.dat
[2011.07.28 22:37:02 | 000,002,517 | ---- | M] () -- C:\Users\Ssouls\Desktop\WDTV MSG 1.7.0.lnk
[2011.07.28 00:59:36 | 019,982,692 | ---- | M] () -- C:\Users\Ssouls\Desktop\WDTV MSG 1.7.0.zip
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2080.01.15 07:27:05 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2080.01.15 07:22:39 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2080.01.15 07:22:38 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2011.08.24 16:29:48 | 000,805,088 | ---- | C] () -- C:\Users\Ssouls\Desktop\Documents\cc_20110824_162944.reg
[2011.08.24 15:22:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.08.24 14:14:04 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.08.24 14:14:04 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.08.24 14:13:59 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.08.24 14:13:53 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011.08.24 14:13:53 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011.08.24 14:13:50 | 000,017,272 | ---- | C] () -- C:\Windows\SysNative\sdnclean64.exe
[2011.08.24 11:50:44 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.24 11:50:40 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.19 16:27:11 | 000,049,955 | ---- | C] () -- C:\Users\Ssouls\Desktop\WiWi_WS_11-1218.8.pdf
[2011.08.16 21:59:13 | 000,000,953 | ---- | C] () -- C:\Users\Ssouls\Desktop\FileZilla.lnk
[2011.08.16 20:37:07 | 000,065,536 | ---- | C] () -- C:\Users\Ssouls\Desktop\wdtvhack.app.bin
[2011.08.16 19:54:14 | 004,076,719 | ---- | C] () -- C:\Users\Ssouls\Desktop\FileZilla_3.2.7.1_win32-setup.exe
[2011.08.15 14:48:18 | 095,972,434 | ---- | C] () -- C:\Users\Ssouls\Desktop\OL_Oh Land.zip
[2011.08.15 14:40:32 | 007,048,102 | ---- | C] () -- C:\Users\Ssouls\Desktop\junkof.zip
[2011.08.11 16:42:07 | 054,052,268 | ---- | C] () -- C:\Users\Ssouls\Desktop\wdtvlive_1.06.15_V.zip
[2011.08.11 15:44:46 | 000,014,711 | ---- | C] () -- C:\Users\Ssouls\Desktop\S00custom-options
[2011.08.11 15:40:33 | 000,507,782 | ---- | C] () -- C:\Users\Ssouls\Desktop\UmweltökonomieÜbung.pdf
[2011.08.11 15:35:57 | 004,089,761 | ---- | C] () -- C:\Users\Ssouls\Desktop\Umwelökonomie - Kopie.pdf
[2011.08.10 21:10:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.08.10 07:34:50 | 000,000,104 | ---- | C] () -- C:\Users\Ssouls\Desktop\Internet - Verknüpfung.lnk
[2011.08.09 11:13:23 | 000,123,488 | ---- | C] () -- C:\Users\Ssouls\Desktop\3118_mouzMaNa_ESCGoOdy.SC2replay
[2011.07.28 22:36:53 | 000,002,517 | ---- | C] () -- C:\Users\Ssouls\Desktop\WDTV MSG 1.7.0.lnk
[2011.07.28 00:58:38 | 019,982,692 | ---- | C] () -- C:\Users\Ssouls\Desktop\WDTV MSG 1.7.0.zip
[2010.11.18 10:47:07 | 000,000,004 | ---- | C] () -- C:\Users\Ssouls\AppData\Roaming\steam_md4.dat
[2010.11.08 22:53:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.25 18:48:28 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.25 18:48:26 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.03.25 18:48:26 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.02.22 18:28:51 | 000,000,588 | ---- | C] () -- C:\ProgramData\mw2mmgr.inc
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.11 20:41:21 | 000,000,680 | ---- | C] () -- C:\Users\Ssouls\AppData\Local\d3d9caps.dat
[2009.08.06 13:47:33 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.07.28 13:41:09 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.28 13:41:09 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.28 12:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.27 16:38:05 | 000,152,064 | ---- | C] () -- C:\Users\Ssouls\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.27 16:12:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.27 16:05:21 | 000,001,460 | ---- | C] () -- C:\Users\Ssouls\AppData\Local\d3d9caps64.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.03.24 09:24:46 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\frapsvid.dll
 
========== LOP Check ==========
 
[2010.02.17 15:45:50 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Bioshock2
[2010.05.03 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Bump Technologies, Inc
[2009.12.27 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Canon
[2010.03.22 17:24:43 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Command and Conquer 4
[2009.07.27 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\DAEMON Tools Lite
[2010.10.26 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\DAEMON Tools Pro
[2011.01.24 17:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Dropbox
[2011.04.10 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.31 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\DWA-547A1E
[2011.08.22 09:18:51 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\FileZilla
[2011.01.22 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\FKMonitor
[2009.08.23 10:47:10 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\GetRightToGo
[2011.04.13 20:27:50 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\ICQ
[2010.10.21 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Intermedia Software
[2009.08.15 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\IrfanView
[2011.07.03 14:37:16 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Leadertech
[2010.12.13 10:20:58 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\morty productions
[2010.01.27 15:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\motorola
[2010.01.29 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\MyPhoneExplorer
[2010.09.21 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Octoshape
[2009.12.27 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\OpenOffice.org
[2011.05.27 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\RIFT
[2010.08.25 07:21:15 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\runic games
[2009.08.06 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\ScanSoft
[2011.02.10 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\ThumbGen
[2011.03.28 15:37:08 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Thunderbird
[2011.03.11 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\TS3Client
[2010.03.11 17:32:06 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\Ubisoft
[2011.07.20 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Ssouls\AppData\Roaming\uTorrent
[2011.08.24 20:33:23 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011.08.24 20:31:59 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.08.24 20:31:59 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011.08.24 16:50:58 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.07.27 16:05:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2080.01.15 07:22:38 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.27 16:03:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.30 18:12:26 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.08.24 22:30:11 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2011.01.24 12:26:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.07.21 09:48:43 | 000,000,000 | ---D | M] -- C:\MyAc 1.6.2.4
[2011.03.23 12:19:51 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.23 11:16:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.24 15:22:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.24 14:13:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.27 16:03:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.24 21:09:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.19 14:37:29 | 000,000,000 | -H-D | M] -- C:\SystemSrv
[2010.05.16 19:20:28 | 000,000,000 | ---D | M] -- C:\Temp
[2011.01.22 15:23:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.22 11:11:15 | 000,000,000 | ---D | M] -- C:\Windows
[2080.01.15 07:16:30 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.07.06 11:21:10 | 002,341,288 | ---- | M] (Safer-Networking Ltd.) MD5=29CDB9AA9FC6FA066122EF6140CA8A20 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2011.05.17 16:02:04 | 001,421,312 | ---- | M] ([RTsK] Team) MD5=E4DB6BBD98252A921EAABDD1714088C6 -- C:\Windows\SysWOW64\hls\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >
         
__________________


Geändert von Ssouls (24.08.2011 um 21:29 Uhr)

Antwort

Themen zu "BKA" Virus oder Spyeye? Gibt es eine lösung?
beenden, entdeck, ergebnisse, exe-dateien, fenster, festgestellt, format, freund, gesperrt, google, installiert, kontakt, lösung, malware, namen, nennt, prozess, registry, search, spybot, startet, suche, task-manager, unterbinden, virus, zahlen



Ähnliche Themen: "BKA" Virus oder Spyeye? Gibt es eine lösung?


  1. Trojaner/Virus "Polizei Warnung" auf meinem Smartphone + Lösung
    Smartphone, Tablet & Handy Security - 10.05.2017 (3)
  2. Link Klick öffnet zunächst eine Link Fremde Seite " Casino Werbung " " Siele Werbung " "Erotik Seiten " oder ähnliches!
    Plagegeister aller Art und deren Bekämpfung - 26.08.2015 (17)
  3. Ständiger Hinweis "Avast! Web-Schutz hat eine schädliche Website oder Datei blockiert"
    Plagegeister aller Art und deren Bekämpfung - 30.07.2015 (7)
  4. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  5. Gibt es eine Art "Bildschirmauflösungsbug"?
    Alles rund um Windows - 12.11.2014 (9)
  6. Ständiger Hinweis "Avast! Web-Schutz hat eine schädliche Website oder Datei blockiert"
    Plagegeister aller Art und deren Bekämpfung - 30.08.2014 (7)
  7. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  8. Gibt es einen Schutz vor "Malware Defense", "Antivirus 2010pro" und Co?
    Antiviren-, Firewall- und andere Schutzprogramme - 30.12.2012 (25)
  9. "Falsche" E-Mail von Freund mit Link ins Netz -> Virus oder nur "Werbung"?
    Log-Analyse und Auswertung - 30.07.2012 (1)
  10. Neuinstallation nach Virus "Spyeye"
    Log-Analyse und Auswertung - 27.06.2011 (8)
  11. Systembereinigung korrekt durchgeführt nach Malware "spyeye"?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (3)
  12. Virus oder Wurm " Perflib_Perfdata_1cc " & " Perflib_Perfdata_228 "
    Log-Analyse und Auswertung - 23.08.2010 (23)
  13. "Windows Security Center" gibt ständig Virus/Trojaner Warnungen heraus
    Plagegeister aller Art und deren Bekämpfung - 14.01.2010 (47)
  14. Gibt es jetzt schon eine Lösung für das Fauxvirusproblem ?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2008 (1)
  15. internet spinnt. ie gibt immer meldung wegen "virus attack" --- need help
    Log-Analyse und Auswertung - 27.05.2008 (1)
  16. Gibt es eine Art "Doppelstecker"?
    Netzwerk und Hardware - 04.02.2005 (13)
  17. Wo gibt es eine Bauanleitung für einen "Koffer-PC" ?
    Netzwerk und Hardware - 03.05.2003 (3)

Zum Thema "BKA" Virus oder Spyeye? Gibt es eine lösung? - Hallo ich habe seid zwei tagen den ominösen BKA- Virus bei dem ein Fenster erscheint und man zum zahlen aufgefordert wird und der pc solange gesperrt bleibt. Da ich gleich - "BKA" Virus oder Spyeye? Gibt es eine lösung?...
Archiv
Du betrachtest: "BKA" Virus oder Spyeye? Gibt es eine lösung? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.