
Log Analysis and Evaluation: Yahoo & PayPal account hacked - Trojan?

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.01.2012, 21:44   #1
atheos
 



Hello everyone,

I hope I'm posting in the right forum; if not, please let me know or move the thread.

My email address at Yahoo was taken over by a hacker last week. He used the credentials to gain access to my PayPal account (stupidly, I had the same password for Yahoo & PP) and used it to buy a code for topping up prepaid mobile phone cards.

Because of the automatic forwarding to another email address that I had set up, he apparently did not receive the code (which was sent by email immediately after payment), and shortly afterwards he sent an email in my name to the prepaid provider and requested the code again. As proof of the PayPal transaction he attached a screenshot (see below). (I found this mail in the "Sent" folder at Yahoo.)
Since the perpetrator did not change the passwords at Yahoo and PayPal and I noticed the whole thing relatively quickly, I was able to log in and change the passwords.

I had used a 10-character password (lowercase only, with digits). I find it hard to imagine that the perpetrator (who is obviously not a professional) cracked the password by brute force.
I am fairly sure that I did not fall for phishing mails; I am quite attentive with that kind of thing.

I had the system scanned with Avira AntiVir and have now also followed the steps recommended in this forum (here) (logs below).
So far I unfortunately have not been able to let GMER run to completion, because the scan takes several hours and I need the computer for work.
Malwarebytes apparently found something, but I think the files had been on the computer for some time and were not "active".

With this information, can you tell me whether I have malware on the computer and how the perpetrator got hold of my password?

Attached is the screenshot (anonymized by me) that the perpetrator sent as proof of his PP transaction.

hxxp://www.abload.de/image.php?img=screen_anonym9wk06.jpg

Does this screenshot allow any conclusions about the perpetrator's identity? Which programs do the two icons in the notification area next to the Windows clock (which, by the way, is completely wrong) stand for?
I reported the case to PayPal and got the money back.

Now my main concern is to make sure that I don't still have malware on the computer and that something like this cannot happen again.

Many thanks in advance for your help!

OTL.txt:
Code:
OTL logfile created on: 18.01.2012 10:30:46 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,13% Memory free
5,99 Gb Paging File | 4,69 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,08 Gb Total Space | 20,32 Gb Free Space | 14,10% Space Free | Partition Type: NTFS
Drive G: | 144,00 Gb Total Space | 4,38 Gb Free Space | 3,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-SAMSUNG | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.18 10:28:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.07.26 18:39:11 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011.06.28 17:34:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 20:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.04.27 17:05:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.28 11:02:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.09 14:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.09.03 18:30:50 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.09.03 17:18:21 | 000,786,952 | ---- | M] (Pegtop Software) -- C:\Program Files\Pegtop\PStart\PStart.exe
PRC - [2009.05.26 17:11:52 | 000,206,848 | ---- | M] (iZ3D Inc.) -- C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.05.22 16:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.21 15:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008.05.20 19:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.10 07:20:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
MOD - [2011.10.14 08:30:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 08:30:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 08:30:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 08:30:33 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.06 20:55:40 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 15:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.06.28 17:34:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 17:05:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.02 10:59:18 | 002,413,704 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.09.06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.08.15 11:29:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.12.30 19:34:04 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.12.09 14:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.09.03 18:30:50 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.09.03 18:30:36 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.26 17:11:52 | 000,206,848 | ---- | M] (iZ3D Inc.) [Auto | Running] -- C:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.07 10:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.11.08 00:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.04 13:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.11.04 13:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.11.04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.11.04 13:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.07.26 18:39:11 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.06.28 17:34:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 17:34:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.09 14:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.10.17 19:26:22 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.09.03 17:38:23 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.03 16:59:14 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.24 22:38:46 | 000,034,968 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2009.03.29 16:44:56 | 000,014,976 | ---- | M] (GBM Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GRemoteBus.sys -- (GRemoteBus)
DRV - [2009.03.29 16:44:46 | 000,030,720 | ---- | M] (GBM Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GRemoteJoy.sys -- (GRemoteJoy)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.03.23 02:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XPVCOM.sys -- (xpvcom)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.14 08:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2003.12.22 14:42:30 | 000,008,825 | ---- | M] (Ing. Igor Cesko Company, Slovakia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IgorPlug.sys -- (IgorPlug)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 98 EC C5 6E D0 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: forcetls@sid.stamm:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.19 16:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.18 21:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 18:34:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.19 16:28:12 | 000,000,000 | ---D | M]
 
[2010.09.28 13:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.09.28 13:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.18 09:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions
[2012.01.05 10:01:11 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.02.19 22:46:31 | 000,000,000 | ---D | M] (XPather) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
[2010.02.07 18:24:56 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
[2011.11.25 07:46:51 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.11.19 12:35:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.09.13 18:38:27 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\zotero@chnm.gmu.edu
[2011.11.10 22:45:46 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\extensions\zoteroWinWordIntegration@zotero.org
[2010.06.17 18:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\spdb3rpv.dev\extensions
[2009.09.03 16:51:14 | 000,002,172 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\searchplugins\bing.xml
[2011.07.18 22:49:34 | 000,011,417 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\searchplugins\ebay-durchsuchen.xml
[2012.01.17 21:43:00 | 000,005,547 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\searchplugins\fooplot.xml
[2012.01.17 21:43:00 | 000,001,942 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\searchplugins\mycroft-project.xml
[2009.09.03 17:16:07 | 000,001,987 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s9ssfwdu.default\searchplugins\wolframalpha.xml
[2012.01.10 18:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.30 14:13:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.10 18:34:34 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9SSFWDU.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
[2012.01.10 18:34:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.10 21:11:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 21:11:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 21:11:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 21:11:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 21:11:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 21:11:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.05 21:00:19 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PegtopPStart] C:\Program Files\Pegtop\PStart\PStart.exe (Pegtop Software)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TC-DP.bat - Shortcut.lnk = C:\TC-DP.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{004C83E5-2F2F-41C8-B71F-1FB370CDE967}: DhcpNameServer = 10.120.136.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AFB5FF8-BDB0-44B4-BE68-35330C7B6C5D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8EF8EF-DCC8-4133-9D3E-7E69B514CB88}: NameServer = 129.13.64.5,129.13.96.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f024cca5-b18a-11de-a8f7-001167d44728}\Shell - "" = AutoRun
O33 - MountPoints2\{f024cca5-b18a-11de-a8f7-001167d44728}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Acrobat Synchronizer - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.18 09:19:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.18 09:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.18 09:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.17 14:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\XING Connector
[2012.01.17 14:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\XING Connector
[2012.01.16 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\***
[2012.01.16 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\***
[2012.01.12 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RStudio
[2012.01.12 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\RStudio-Desktop
[2012.01.12 16:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
[2012.01.12 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\RStudio
[2012.01.12 16:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
[2012.01.12 16:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\JGR
[2012.01.04 13:58:18 | 000,000,000 | ---D | C] -- C:\doc
[2011.12.25 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.12.25 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.12.25 23:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.12.25 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2011.12.25 16:33:31 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2011.12.25 16:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011.12.25 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011.12.25 04:47:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RenPy
[2011.12.24 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Fotokalender
[2011.12.23 16:42:20 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2011.12.23 09:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.12.23 02:05:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Calibre Portable
[2009.11.23 20:59:24 | 061,191,880 | ---- | C] (Google) -- C:\Users\***\AppData\Roaming\GoogleSketchUpProWEN.exe
[2009.11.07 12:29:07 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe414E.dll
[2009.09.04 08:03:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe31D9.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.18 10:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.18 09:47:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 09:47:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 09:40:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.18 09:37:39 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.18 09:37:39 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.18 09:31:51 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.18 09:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.18 09:31:15 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.18 09:25:30 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.18 09:18:59 | 000,026,496 | ---- | M] () -- C:\Users\***\Documents\cc_20120118_091848.reg
[2012.01.17 10:50:08 | 000,002,624 | ---- | M] () -- C:\Users\***\.RData
[2012.01.12 17:54:01 | 000,000,282 | ---- | M] () -- C:\Users\***\Documents\.Rhistory
[2012.01.12 17:18:25 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2012.01.12 17:18:25 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2012.01.12 17:18:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\gdovjvw.dll
[2012.01.12 17:18:24 | 000,000,350 | ---- | M] () -- C:\Windows\System32\gdovjvw.tgz
[2012.01.10 18:36:24 | 000,002,002 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.02 00:10:48 | 000,146,432 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.29 12:27:17 | 000,000,194 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2011.12.23 09:07:37 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.12.23 09:07:30 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.18 09:24:58 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.18 09:18:55 | 000,026,496 | ---- | C] () -- C:\Users\***\Documents\cc_20120118_091848.reg
[2012.01.17 10:50:08 | 000,002,624 | ---- | C] () -- C:\Users\***\.RData
[2012.01.12 16:22:49 | 000,000,657 | ---- | C] () -- C:\Users\***\.JGRprefsrc
[2012.01.12 16:22:42 | 000,032,256 | ---- | C] () -- C:\Users\Public\Desktop\jgr-1_62.exe
[2011.12.23 09:07:37 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.12.23 09:07:30 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.11.30 10:46:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.03 13:18:54 | 000,172,524 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011.11.03 13:18:54 | 000,000,539 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011.10.27 15:00:15 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.10 22:51:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{90ED7367-8835-4658-8E28-104F29B43D5C}
[2011.07.10 22:46:28 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{9A6A42DF-4841-4504-9F8C-FDBF7C35D052}
[2011.06.09 06:39:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.24 07:33:28 | 000,022,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2011.02.24 14:59:23 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.02.24 14:59:23 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.01.08 13:55:07 | 000,000,194 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2010.12.07 17:05:54 | 000,024,053 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp9427.png
[2010.12.07 16:05:54 | 000,024,053 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp85A2.png
[2010.12.07 16:05:54 | 000,024,053 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp42EA.png
[2010.11.08 18:38:54 | 000,001,919 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history
[2010.10.04 07:23:40 | 000,026,355 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp86EE.jpg
[2010.10.04 07:23:10 | 000,029,504 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp871F.jpg
[2010.10.04 07:22:50 | 000,024,919 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp870E.jpg
[2010.10.04 07:22:22 | 000,028,305 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp8730.jpg
[2010.10.03 11:49:18 | 000,011,057 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp87B1.jpg
[2010.10.03 11:49:18 | 000,011,057 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp247E.jpg
[2010.10.03 11:49:08 | 000,016,965 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp87A1.jpg
[2010.10.03 11:49:08 | 000,016,965 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp246D.jpg
[2010.10.03 11:29:22 | 000,022,777 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp8790.jpg
[2010.10.03 11:29:22 | 000,022,777 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp245C.jpg
[2010.10.03 11:27:28 | 000,029,169 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp8780.jpg
[2010.10.03 11:27:28 | 000,029,169 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp243C.jpg
[2010.10.03 11:25:40 | 000,021,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp875F.jpg
[2010.10.03 11:25:40 | 000,021,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp242C.jpg
[2010.10.03 11:18:38 | 000,024,093 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp23DA.jpg
[2010.10.03 11:18:18 | 000,022,310 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp23EA.jpg
[2010.10.03 11:18:00 | 000,022,209 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp23A9.jpg
[2010.10.03 11:17:40 | 000,021,375 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp23B9.jpg
[2010.10.03 11:16:50 | 000,027,839 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp23FB.jpg
[2010.10.03 11:16:36 | 000,027,303 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp241B.jpg
[2010.07.18 22:09:03 | 000,007,662 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.07.14 14:24:09 | 000,038,467 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.06.15 11:37:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.10 18:05:50 | 000,001,233 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpE5E8.png
[2010.06.10 18:05:50 | 000,001,233 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpDE00.png
[2010.04.14 15:20:48 | 000,030,673 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp86DE.png
[2010.04.14 15:20:06 | 000,029,871 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2398.png
[2010.04.04 06:26:20 | 000,046,764 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2DAA.jpg
[2010.04.03 18:05:52 | 000,020,332 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2DEB.jpg
[2010.04.03 17:39:18 | 000,194,339 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2DCA.jpg
[2010.03.26 21:38:24 | 000,007,276 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2D79.jpg
[2010.03.26 21:33:36 | 000,009,638 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2D9A.jpg
[2010.03.26 17:36:48 | 000,044,944 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpAC95.png
[2010.03.26 17:36:48 | 000,044,944 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2D0A.png
[2010.03.26 17:01:18 | 000,068,691 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpAC96.png
[2010.03.26 17:01:18 | 000,068,691 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp2D4A.png
[2010.03.20 23:17:42 | 000,014,059 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp3532.png
[2010.03.20 22:17:42 | 000,014,059 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpA920.png
[2010.03.20 16:51:26 | 000,025,984 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp3543.png
[2010.03.20 15:51:26 | 000,025,984 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpA942.png
[2010.03.20 05:07:44 | 000,016,916 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp3542.png
[2010.03.20 04:07:44 | 000,016,916 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpA941.png
[2010.03.14 22:51:08 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.27 12:54:03 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\chrtmp
[2010.02.23 14:52:32 | 000,038,502 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Access 97-2003.ADR
[2010.02.20 01:53:26 | 000,000,917 | ---- | C] () -- C:\Users\***\AppData\Roaming\coreavc.ini
[2010.02.20 00:21:35 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.10 08:49:36 | 000,001,024 | ---- | C] () -- C:\Windows\System32\jue532v.dll
[2010.02.10 08:49:36 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010.02.10 08:49:36 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010.02.10 08:49:36 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.02.10 08:49:36 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.02.10 08:49:36 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010.02.10 08:49:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.02.10 08:49:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ubl9clt.dll
[2010.02.10 08:49:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\gdovjvw.dll
[2010.01.20 14:04:20 | 000,013,040 | ---- | C] () -- C:\Users\***\AppData\Local\TemptmpCD02.png
[2010.01.20 13:04:20 | 000,013,040 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp8059.png
[2010.01.10 12:59:45 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2010.01.05 17:14:52 | 000,184,674 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010.01.05 17:14:52 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2010.01.03 12:34:11 | 000,303,104 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2009.11.10 11:33:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.01 15:26:32 | 000,146,432 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.30 11:47:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.09.25 16:45:50 | 000,000,606 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2009.09.21 09:18:15 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.09.04 10:42:30 | 000,185,344 | ---- | C] () -- C:\Windows\System32\PCGW32.DLL
[2009.09.04 10:26:39 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.09.03 18:40:04 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2009.09.03 17:10:20 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.09.03 17:10:20 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.09.03 17:08:37 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2009.09.03 17:08:24 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI
[2009.09.03 17:08:24 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI
[2009.09.03 17:08:24 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI
[2009.09.03 17:08:24 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI
[2009.09.03 17:08:24 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI
[2009.09.03 17:08:24 | 000,002,236 | ---- | C] () -- C:\Windows\System32\KBDQ.INI
[2009.09.03 17:08:24 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI
[2009.09.03 17:08:24 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI
[2009.09.03 17:08:24 | 000,001,857 | ---- | C] () -- C:\Windows\System32\KBDUU.INI
[2009.09.03 17:08:24 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI
[2009.09.03 17:08:24 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI
[2009.09.03 17:08:24 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI
[2009.09.03 17:08:24 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI
[2009.09.03 17:08:24 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI
[2009.09.03 17:08:24 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI
[2009.09.03 17:08:24 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI
[2009.09.03 17:08:24 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI
[2009.09.03 17:05:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.03 16:59:31 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,352,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.11 01:00:00 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.05.11 00:59:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.05.11 00:59:58 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.05.11 00:59:56 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.03.19 18:50:40 | 000,002,425 | ---- | C] () -- C:\Users\***\AppData\Local\Temptmp546.png
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.09 11:23:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2007.03.23 02:00:14 | 000,030,032 | ---- | C] () -- C:\Windows\System32\drivers\XPVCOM.sys
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002.07.31 18:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.01.27 21:59:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.09.13 11:24:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.08.27 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.12.12 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.12.25 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2011.07.06 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Call Graph
[2012.01.18 09:10:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.09.03 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2012.01.18 10:28:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.24 15:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Eclipse
[2011.04.01 17:07:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EventGhost
[2011.06.14 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EXIF Date Changer
[2010.01.03 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fretsonfire
[2010.02.24 21:42:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GBM Software
[2011.10.14 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2011.05.02 22:22:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.30 12:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HD Tune Pro
[2010.08.27 22:02:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDRsoft
[2011.11.30 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBM
[2009.09.03 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.02.23 14:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2009.09.04 10:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iZ3D Driver
[2010.08.20 21:54:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAlbum
[2010.02.07 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2009.09.03 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.03.05 11:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiniLyrics
[2011.08.13 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MZTools Software
[2009.12.22 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2009.09.03 17:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegtop
[2011.12.25 04:47:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RenPy
[2010.12.21 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\rockbox.org
[2012.01.12 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RStudio
[2009.10.16 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2011.04.14 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SIOL
[2011.04.14 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2010.01.07 11:21:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stereoscopic Player
[2009.09.03 18:42:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2011.05.19 07:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2009.09.04 09:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SystemRequirementsLab
[2009.11.19 01:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\think-cell
[2010.02.04 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2012.01.11 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2009.09.03 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.01.03 10:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVRename
[2010.02.24 12:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UnknownApplicationVendor
[2010.07.08 22:22:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wuala
[2012.01.16 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2012.01.18 10:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.07.26 06:16:04 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.03 16:16:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.14 16:52:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.16 20:22:54 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.02.23 00:02:45 | 000,000,000 | ---D | M] -- C:\DDC TomTom Tool version 1.02b
[2012.01.04 13:58:37 | 000,000,000 | ---D | M] -- C:\doc
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.03 16:39:40 | 000,000,000 | ---D | M] -- C:\Intel
[2011.08.25 17:47:14 | 000,000,000 | ---D | M] -- C:\Lyrics
[2009.09.03 17:50:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.02.20 02:09:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.18 09:01:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.30 00:17:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.03 16:16:00 | 000,000,000 | -HSD | M] -- C:\Recovery
[2009.12.17 20:45:47 | 000,000,000 | ---D | M] -- C:\***
[2012.01.18 10:33:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.28 14:11:35 | 000,000,000 | ---D | M] -- C:\tacenergydemo
[2010.03.15 00:22:24 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.03 16:16:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.18 09:31:20 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-18 08:28:35

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 18.01.2012 10:30:46 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,13% Memory free
5,99 Gb Paging File | 4,69 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,08 Gb Total Space | 20,32 Gb Free Space | 14,10% Space Free | Partition Type: NTFS
Drive G: | 144,00 Gb Total Space | 4,38 Gb Free Space | 3,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-SAMSUNG | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = ***
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1" = EXIF Date Changer v2.52
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1" = MZ-Tools 3.0 für VBA
"{2C02693A-EF4F-42D1-9036-664B6C0D647E}" = Google SketchUp Pro 8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1" = iZ3D Driver Remove
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{454920FA-3DAC-49D4-9FFC-B817F0C9B6E2}" = ***
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8DFA73-06E7-43EB-BF2D-4E8B942C2F4F}" = Google Apps Sync™ for Microsoft Outlook® 2.5.3122.12
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{650E4124-292E-4638-944C-99A880C9D0F0}" = Oracle VM VirtualBox 4.1.6
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.0.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7E4CC93F-4394-40C4-B299-1D4AD03CCA3B}" = think-cell
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E8A5EF-EC2A-4ADE-BFF4-F7C680416825}" = MediaPortal StreamedMP Skin 1.7.1
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}" = CDRWIN 5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C309F22B-19ED-4667-950C-2188A4B26E34}" = Google SketchUp Pro 7
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA555E2-BD47-4791-8B86-40EC80485673}" = GLPK Lab
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E426EBEE-2F11-461F-9937-B40E62A3FFA4}" = Jalbum
"{E4BAE320-E34F-4F1F-94B8-949EC5D48CDF}" = Stereoscopic Player
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F5AEB5A7-D4EA-49A5-89F2-A799F1C620B9}" = TViXiE
"{F73D8560-EB17-4C8C-BA6C-8389419E8A98}" = ***
"{FD942F15-2D42-449E-8988-9E7ACE7D9CA8}" = ***
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Age of Empires 2.0" = Microsoft Age of Empires II
"Alpenvereinskarten Digital 2010_is1" = Alpenvereinskarten Digital 2010 (V 3.0.8)
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"Autopano Giga" = Autopano Giga
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Badaboom" = Badaboom 1.2.1.74
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Blender" = Blender
"Call Graph" = Call Graph
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CyberGhost VPN_is1" = CyberGhost VPN
"Deducer_is1" = Deducer
"DetailedInfo_is1" = ScrobblerDJ v1.26 for Media Monkey
"DivX Setup.divx.com" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EventGhost_is1" = EventGhost 0.3.7.r1486
"FaceMorpher" = FaceMorpher 2.51
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fotoland_is1" = Fotoland
"GAMS_is1" = GAMS Distribution 23.7.3
"ggobi" = GGobi Interactive Graphics Platform
"Glpk-4.34_is1" = GnuWin32: Glpk-4.34
"Gnaural_is1" = Gnaural ver. 1.0.20101115
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GRemoteServer" = GRemoteServer Pro(remove only)
"GSview 4.9" = GSview 4.9
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HD Tune Pro_is1" = HD Tune Pro 5.00
"IBM ILOG CPLEX Optimization Studio" = IBM ILOG CPLEX Optimization Studio (C:\Program Files\IBM\ILOG\CPLEX_Studio123)
"InfraRecorder" = InfraRecorder
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{83E8A5EF-EC2A-4ADE-BFF4-F7C680416825}" = MediaPortal StreamedMP Skin 1.7.1
"IntelliJ IDEA 9.0.2" = IntelliJ IDEA 9.0.2
"JUDE Community_is1" = JUDE Community 5.5.2
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Kalender" = TKexe
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.08
"LPSolve IDE_is1" = LPSolve IDE 5.5.2.0
"MediaMonkey_is1" = MediaMonkey 3.1
"MediaPortal" = MediaPortal
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"MiniLyrics" = Minilyrics(remove only)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Neuro-Programmer 2 Professional_is1" = Neuro-Programmer Professional 2.4.2
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pegtop PStart" = Pegtop PStart
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"PremElem90" = Adobe Premiere Elements 9
"R for Windows 2.12.1_is1" = R for Windows 2.12.1
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"Rayman_is1" = Rayman
"Repast" = Repast 3.1
"RepastSimphony" = Repast Simphony IDE
"RStudio" = RStudio
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"The Quest" = The Quest
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TVRename" = TV Rename
"VertusFluidMask3" = Vertus Fluid Mask 3 2.100.2-RC2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.1.9
"XING Connector" = XING Connector 1.2
"XnView_is1" = XnView 1.96.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
"Dropbox" = Dropbox
"GanttProject 2.0.10" = GanttProject 2.0.10
"IBM ILOG CPLEX Optimization Studio" = IBM ILOG CPLEX Optimization Studio (C:\Program Files\IBM\ILOG\CPLEX_Studio123)
"Juniper_Setup_Client" = Juniper Networks Setup Client
"RouteConverter" = RouteConverter
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
GMER log (incomplete):
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-19 08:15:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011E
Running: 9xn3l2ss.exe; Driver: C:\Users\***\AppData\Local\Temp\kwrdypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                                       8344A9A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              8346A4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                                          A684702C 102 Bytes  CALL C3916902 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1072] kernel32.dll!SetUnhandledExceptionFilter               7715F4FB 5 Bytes  JMP 64E485A4 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[1072] ole32.dll!OleLoadFromStream                            774B6143 5 Bytes  JMP 6542940D C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000067                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000093                                                                                     bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000095                                                                                     bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d44728                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d44728@001d28279fa1                            0xA3 0x80 0x25 0xCC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d44728@0021badbb8d2                            0xB0 0x68 0x2C 0x9B ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d44728@001a7d5282b3                            0xAA 0x68 0xCC 0x78 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x4E 0xC1 0x75 0x14 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x80 0xA1 0x4C 0xB4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF0 0x72 0x32 0x3F ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d44728 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d44728@001d28279fa1                                0xA3 0x80 0x25 0xCC ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d44728@0021badbb8d2                                0xB0 0x68 0x2C 0x9B ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d44728@001a7d5282b3                                0xAA 0x68 0xCC 0x78 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x4E 0xC1 0x75 0x14 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x80 0xA1 0x4C 0xB4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF0 0x72 0x32 0x3F ...
         
mbam-log-2012-01-18 (15-06-48).txt:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.18.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-SAMSUNG [Administrator]

Schutz: Aktiviert

18.01.2012 15:06:48
mbam-log-2012-01-18 (15-06-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 177929
Laufzeit: 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\sokoban722.exe (Trojan.FakeAlert.SecGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\GoogleSketchUpProWEN.exe (Trojan.Googlx.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

25.01.2012, 11:35   #2
cosinus

Quote:
Does this screenshot allow any conclusions about the identity of the perpetrator?
IMHO no

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the result then looks like this:

Code:
 the log goes here

26.01.2012, 06:26   #3
atheos

Thanks for the tip.

Malwarebytes full scan log:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.25.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-SAMSUNG [Administrator]

Schutz: Deaktiviert

25.01.2012 14:45:10
mbam-log-2012-01-25 (14-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 613847
Laufzeit: 5 Stunde(n), 22 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\***\***.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Desktop\Serien\Google SketchUp Pro 8\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Desktop\Serien\GTA SA\trainer.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\***\Programme\***\***.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3f18983feb3ed49b3bb9c7d29cdbc0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 01:32:27
# local_time=2012-01-26 02:32:27 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 188472 102419328 46864 0
# compatibility_mode=5893 16776573 100 94 4018 79153955 0 0
# compatibility_mode=8192 67108863 100 0 3782 3782 0 0
# scanned=492626
# found=13
# cleaned=0
# scan_time=18824
C:\Program Files\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\***\***.exe	a variant of Win32/Inject.NDT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\***\***.exe	a variant of Win32/Inject.NDT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\11c47b7f.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Adware.Toolbar.Dealio application	00000000000000000000000000000000	I
         

26.01.2012, 14:33   #4
cosinus

Quote:
C:\Users\***\Desktop\Serien\Google SketchUp Pro 8\keygen.exe (RiskWare.Tool.CK)
And then to be surprised that someone was able to hack the accounts



See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)

29.01.2012, 23:14   #5
atheos

A pity, but I can understand the stance.
Thanks for your time anyway.

