Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
bka trojaner 100euro forderung

bka trojaner 100euro forderung


Log-Analyse und Auswertung: bka trojaner 100euro forderung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 31.03.2012, 22:10   #1
knizzle707
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


hallo,
habe seit ein paar stunden den bka trojaner. windows wird beim anmelden gesperrt. habe gestern einige verdächtige dateien gelöscht (z.b. mehrfach agodsi.exe), die von antivir identifiziert wurden. daher vermute ich, dass "autostart" und "temp" betroffen ist.
nachdem ich auf euer forum gekommen bin, habe ich jetzt diverse scans durchgeführt und logs gespeichert. leider sind die otl logs sehr widerspenstig. (lassen sich nicht im anhang unterbringen und sind zu lang zum posten). deshalb hier nur eine gekürzte version. weitere otl logs psote ich dann auf anfrage.
dds:
Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_22
Run by Spliff Richard at 21:46:44 on 2012-03-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1771.1354 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\msinfo32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=9e21111e00000000000068a3c48f68fa
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [{E8F33710-936B-1B3C-2AFA-655FAC1E489C}] "C:\Users\Spliff Richard\AppData\Roaming\Yvap\zuitdib.exe"
uRun: [{FB95CC7B-23E8-2F4F-5599-2A8F7AFBDFC7}] "C:\Users\Spliff Richard\AppData\Roaming\Vugyyxe\agodsi.exe"
uRun: [5GVA2ZXEZF9G7Y3IVNDDZRT] C:\x64drvsys\56B02FD4CE0.exe
uRun: [<NO NAME>] C:\Users\SPLIFF~1\AppData\Local\Temp\ch8l0.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe
StartupFolder: C:\Users\SPLIFF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\Spliff Richard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{25173FD8-9C2B-4466-96E9-ADF5C6EC6A21} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{25173FD8-9C2B-4466-96E9-ADF5C6EC6A21}\142736F627D2532333631313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CAB38119-811F-459D-A6FF-4BBD3C1ACB96} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{98889811-442D-49dd-99D7-DC866BE87DBC}
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-13 86224]
S2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-13 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CxAudMsg;CxAudMsg;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-8 352848]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-12 873064]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-25 244624]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-3-14 690352]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-03-31 13:19:43	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{1CD312BA-C7BC-4034-A124-E4837BAACE14}
2012-03-30 09:44:07	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6715097-437E-4A8D-A8A9-EA9843BBF651}\mpengine.dll
2012-03-22 22:00:05	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{CA493D59-500D-4BDB-A223-CFC6DA5B87C1}
2012-03-22 21:26:45	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{7E76AD93-C438-40C1-B7B1-592C2847290A}
2012-03-21 14:10:14	--------	d-----w-	C:\Program Files (x86)\NVIDIA Corporation
2012-03-21 14:07:49	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-21 13:57:43	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\2K Games
2012-03-21 13:54:59	444776	----a-w-	C:\Windows\SysWow64\d3dx10_35.dll
2012-03-21 13:48:42	--------	d-----w-	C:\AiO-Files
2012-03-21 13:05:36	--------	d-----w-	C:\Program Files (x86)\2K Games
2012-03-21 11:15:40	283200	----a-w-	C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-21 11:15:13	--------	d-----w-	C:\Program Files (x86)\DAEMON Tools Lite
2012-03-21 11:14:03	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\DAEMON Tools Lite
2012-03-21 11:13:57	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2012-03-21 11:11:00	592824	----a-w-	C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 11:10:59	44472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 19:56:22	--------	d-----w-	C:\Users\Spliff Richard\Uncompressor
2012-03-17 15:14:44	21888	----a-w-	C:\Windows\SysWow64\drivers\synUSB64.sys
2012-03-17 15:14:40	45056	----a-w-	C:\Windows\SysWow64\Synsopos.exe
2012-03-17 15:14:38	401462	----a-w-	C:\Windows\SysWow64\temp.000
2012-03-17 15:14:32	147456	----a-w-	C:\Windows\SysWow64\SynsoLChk.dll
2012-03-17 15:14:30	700416	----a-w-	C:\Windows\SysWow64\SYNSOACC.dll
2012-03-17 15:14:30	17784	----a-w-	C:\Windows\SysWow64\drivers\NSynas32.sys
2012-03-17 15:14:29	--------	d-----w-	C:\Program Files (x86)\Syncrosoft
2012-03-15 21:55:33	5559152	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-15 21:55:31	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 21:55:29	3913584	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 15:04:26	1544192	----a-w-	C:\Windows\System32\DWrite.dll
2012-03-14 15:04:26	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:04:24	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-03-14 15:03:59	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:03:58	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-03-14 15:03:58	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-03-14 15:03:42	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:03:42	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 15:03:42	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:03:42	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-03-12 15:53:36	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\Vugyyxe
2012-03-12 15:53:36	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\Vanu
2012-03-11 15:48:24	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{05C6AA34-C316-431E-84DF-2DDEA963E6B1}
2012-03-11 15:42:06	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{3747E101-C032-4860-B195-F819F21FE717}
2012-03-11 15:16:11	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{A63C3F59-F27C-4E22-BC78-81C4E8F0E25C}
2012-03-11 15:16:10	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\{F5CA6D1D-057F-4789-8CEF-C1E8FF6A31E9}
2012-03-11 15:15:59	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\Windows Live Writer
2012-03-11 15:15:59	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\Windows Live Writer
2012-03-11 15:00:34	--------	d-----w-	C:\ProgramData\StarMoney 8.0
2012-03-11 14:55:37	--------	d-----w-	C:\Program Files (x86)\Business Objects
2012-03-11 14:54:39	--------	d-----w-	C:\Program Files (x86)\Common Files\StarFinanz
2012-03-11 14:54:37	--------	d-----w-	C:\Program Files (x86)\StarMoney 8.0
2012-03-10 15:58:30	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\foobar2000
2012-03-10 15:58:15	--------	d-----w-	C:\Program Files (x86)\foobar2000
2012-03-10 15:54:38	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2012-03-10 15:29:26	--------	d-----w-	C:\Program Files (x86)\JDownloader
2012-03-10 15:29:03	--------	d-----w-	C:\Program Files (x86)\BabylonToolbar
2012-03-10 15:28:48	--------	d-----w-	C:\Users\Spliff Richard\AppData\Local\Babylon
2012-03-10 15:28:41	--------	d-----w-	C:\ProgramData\Babylon
2012-03-10 15:28:39	--------	d-----w-	C:\Users\Spliff Richard\AppData\Roaming\Babylon
.
==================== Find3M  ====================
.
2012-03-21 13:54:30	1199175	----a-w-	C:\Windows\unins001.exe
2012-03-21 13:54:28	1179595	----a-w-	C:\Windows\unins002.exe
2012-03-21 13:54:27	709719	----a-w-	C:\Windows\unins000.exe
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-01-12 21:07:47	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-01-08 12:48:24	750488	----a-w-	C:\Windows\System32\npdeployJava1.dll
2012-01-08 12:48:24	660368	----a-w-	C:\Windows\System32\deployJava1.dll
2012-01-07 16:27:24	131072	----a-w-	C:\Windows\SysWow64\AiORuntimes.dll
2012-01-04 10:44:20	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 21:47:54,50 ===============
otl part1:
Code:
ATTFilter
OTL logfile created on: 31.03.2012 22:18:20 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = F:\scanner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,73 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 80,14% Memory free
3,46 Gb Paging File | 3,12 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 193,00 Gb Free Space | 68,20% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 298,09 Gb Total Space | 32,30 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
 
Computer Name: SPLIFFRICHARD | User Name: Spliff Richard | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.31 21:54:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- F:\scanner\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.11 07:49:46 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 13:33:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.31 14:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.02.15 20:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.09.28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.21 13:15:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.02.15 23:27:50 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.25 08:02:01 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.03.25 08:02:01 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.03.25 08:02:01 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.25 05:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.01.11 08:23:38 | 008,122,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.11 07:13:52 | 000,290,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.28 21:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.08 12:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001.04.09 15:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\NSynas32.sys -- (Nsynas32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=9e21111e00000000000068a3c48f68fa
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=9e21111e00000000000068a3c48f68fa
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 13:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.01 20:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spliff Richard\AppData\Roaming\mozilla\Extensions
[2012.03.10 17:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spliff Richard\AppData\Roaming\mozilla\Firefox\Profiles\x9jfrg00.default\extensions
[2012.02.22 22:45:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Spliff Richard\AppData\Roaming\mozilla\Firefox\Profiles\x9jfrg00.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.10 17:30:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Spliff Richard\AppData\Roaming\mozilla\Firefox\Profiles\x9jfrg00.default\extensions\ffxtlbr@babylon.com
[2012.01.17 19:34:11 | 000,000,933 | ---- | M] () -- C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\searchplugins\11-suche.xml
[2012.01.17 19:34:11 | 000,002,419 | ---- | M] () -- C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\searchplugins\englische-ergebnisse.xml
[2012.01.17 19:34:11 | 000,010,525 | ---- | M] () -- C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\searchplugins\gmx-suche.xml
[2012.01.17 19:34:11 | 000,002,457 | ---- | M] () -- C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\searchplugins\lastminute.xml
[2012.01.17 19:34:10 | 000,005,508 | ---- | M] () -- C:\Users\Spliff Richard\AppData\Roaming\Mozilla\Firefox\Profiles\x9jfrg00.default\searchplugins\webde-suche.xml
[2012.01.15 05:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\SPLIFF RICHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9JFRG00.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\SPLIFF RICHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9JFRG00.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.03.21 13:11:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.21 13:10:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.10 17:28:53 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.21 13:10:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.21 13:10:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.21 13:10:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.21 13:10:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.21 13:10:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [H2O] C:\Program Files (x86)\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [] C:\Users\SPLIFF~1\AppData\Local\Temp\ch8l0.exe ()
O4 - HKCU..\Run: [{E8F33710-936B-1B3C-2AFA-655FAC1E489C}] C:\Users\Spliff Richard\AppData\Roaming\Yvap\zuitdib.exe ()
O4 - HKCU..\Run: [5GVA2ZXEZF9G7Y3IVNDDZRT] C:\x64drvsys\56B02FD4CE0.exe File not found
O4 - Startup: C:\Users\Spliff Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Spliff Richard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Spliff Richard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25173FD8-9C2B-4466-96E9-ADF5C6EC6A21}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAB38119-811F-459D-A6FF-4BBD3C1ACB96}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5549f8e1-7276-11e1-af7b-b870f4836d28}\Shell - "" = AutoRun
O33 - MountPoints2\{5549f8e1-7276-11e1-af7b-b870f4836d28}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{652814b0-709c-11e1-9b5e-b870f4836d28}\Shell - "" = AutoRun
O33 - MountPoints2\{652814b0-709c-11e1-9b5e-b870f4836d28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.31 22:02:32 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Malwarebytes
[2012.03.31 22:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 22:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 22:02:22 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.31 22:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.31 15:19:43 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{1CD312BA-C7BC-4034-A124-E4837BAACE14}
[2012.03.31 15:17:09 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\kims handy pics
[2012.03.29 22:04:34 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\Band 03
[2012.03.26 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\Band 02
[2012.03.24 02:16:44 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\Band 01
[2012.03.23 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{CA493D59-500D-4BDB-A223-CFC6DA5B87C1}
[2012.03.22 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{7E76AD93-C438-40C1-B7B1-592C2847290A}
[2012.03.21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.21 16:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.21 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\2K Games
[2012.03.21 15:55:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.03.21 15:55:48 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.03.21 15:55:48 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.03.21 15:55:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.03.21 15:55:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.03.21 15:55:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.03.21 15:55:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.03.21 15:55:45 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.03.21 15:55:45 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.03.21 15:55:45 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.03.21 15:55:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.03.21 15:55:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.03.21 15:55:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.03.21 15:55:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.03.21 15:55:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.03.21 15:55:43 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.03.21 15:55:43 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.03.21 15:55:43 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.03.21 15:55:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.03.21 15:55:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.03.21 15:55:43 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.03.21 15:55:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.03.21 15:55:42 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.03.21 15:55:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.03.21 15:55:42 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.03.21 15:55:42 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.03.21 15:55:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.03.21 15:55:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.03.21 15:55:41 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.03.21 15:55:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.03.21 15:55:40 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.03.21 15:55:40 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.03.21 15:55:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.03.21 15:55:39 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.03.21 15:55:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.03.21 15:55:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.03.21 15:55:39 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.03.21 15:55:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.03.21 15:55:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.03.21 15:55:38 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_43.dll
[2012.03.21 15:55:38 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2012.03.21 15:55:38 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.03.21 15:55:38 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.03.21 15:55:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2012.03.21 15:55:36 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_41.dll
[2012.03.21 15:55:35 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_40.dll
[2012.03.21 15:55:35 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_39.dll
[2012.03.21 15:55:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_38.dll
[2012.03.21 15:55:33 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_37.dll
[2012.03.21 15:55:32 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.03.21 15:55:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.03.21 15:55:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.03.21 15:55:29 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.03.21 15:55:27 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.03.21 15:55:27 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb40032.dll
[2012.03.21 15:55:27 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.03.21 15:55:27 | 000,237,568 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2012.03.21 15:55:26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.03.21 15:55:26 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.03.21 15:55:26 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\openal32.dll
[2012.03.21 15:55:25 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.03.21 15:55:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll
[2012.03.21 15:55:23 | 000,799,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdia100.dll
[2012.03.21 15:55:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ITA.dll
[2012.03.21 15:55:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71KOR.dll
[2012.03.21 15:55:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71JPN.dll
[2012.03.21 15:55:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71DEU.dll
[2012.03.21 15:55:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71FRA.dll
[2012.03.21 15:55:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ESP.dll
[2012.03.21 15:55:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ENU.dll
[2012.03.21 15:55:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71CHT.dll
[2012.03.21 15:55:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71CHS.dll
[2012.03.21 15:55:18 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70u.dll
[2012.03.21 15:55:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ITA.dll
[2012.03.21 15:55:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70KOR.dll
[2012.03.21 15:55:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70JPN.dll
[2012.03.21 15:55:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70FRA.dll
[2012.03.21 15:55:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ESP.dll
[2012.03.21 15:55:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70DEU.dll
[2012.03.21 15:55:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ENU.dll
[2012.03.21 15:55:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70CHT.dll
[2012.03.21 15:55:16 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.03.21 15:55:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70CHS.dll
[2012.03.21 15:55:15 | 001,024,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2012.03.21 15:55:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.03.21 15:55:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.03.21 15:55:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.03.21 15:55:12 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.03.21 15:55:12 | 000,237,568 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2012.03.21 15:55:12 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.03.21 15:55:10 | 002,887,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmmd.dll
[2012.03.21 15:55:10 | 000,101,888 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll
[2012.03.21 15:55:09 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.03.21 15:55:08 | 000,898,048 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libiconv2.dll
[2012.03.21 15:55:07 | 001,100,288 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012.03.21 15:55:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.03.21 15:55:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.03.21 15:55:00 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.03.21 15:55:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.03.21 15:54:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.03.21 15:54:58 | 002,666,500 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll
[2012.03.21 15:54:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.03.21 15:54:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.03.21 15:54:56 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.03.21 15:54:56 | 000,398,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vbrun300.dll
[2012.03.21 15:54:56 | 000,356,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vbrun200.dll
[2012.03.21 15:54:56 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll
[2012.03.21 15:54:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl70.dll
[2012.03.21 15:54:55 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.03.21 15:54:54 | 000,935,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vb40016.dll
[2012.03.21 15:54:53 | 000,032,768 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System\plugin.dll
[2012.03.21 15:54:51 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.03.21 15:54:51 | 000,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2012.03.21 15:54:51 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2012.03.21 15:54:51 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysinfo.ocx
[2012.03.21 15:54:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.03.21 15:54:50 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmask32.ocx
[2012.03.21 15:54:50 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll
[2012.03.21 15:54:50 | 000,126,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2012.03.21 15:54:50 | 000,107,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2012.03.21 15:54:50 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\picclp32.ocx
[2012.03.21 15:54:49 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MShflxgd.ocx
[2012.03.21 15:54:49 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012.03.21 15:54:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.03.21 15:54:48 | 000,258,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msflxgrd.ocx
[2012.03.21 15:54:48 | 000,252,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatlst.ocx
[2012.03.21 15:54:46 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatgrd.ocx
[2012.03.21 15:54:44 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.03.21 15:54:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.03.21 15:54:44 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2012.03.21 15:54:44 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl32.ocx
[2012.03.21 15:54:44 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomm32.ocx
[2012.03.21 15:54:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.03.21 15:54:43 | 000,659,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx
[2012.03.21 15:54:43 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mci32.ocx
[2012.03.21 15:54:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.03.21 15:54:42 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcompiler_36.dll
[2012.03.21 15:54:42 | 000,614,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2012.03.21 15:54:42 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dblist32.ocx
[2012.03.21 15:54:42 | 000,155,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2012.03.21 15:54:41 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcompiler_35.dll
[2012.03.21 15:54:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcompiler_34.dll
[2012.03.21 15:54:41 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\Windows\SysWow64\comct332.ocx
[2012.03.21 15:54:41 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2012.03.21 15:54:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcompiler_33.dll
[2012.03.21 15:54:39 | 000,317,320 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2012.03.21 15:48:42 | 000,000,000 | ---D | C] -- C:\AiO-Files
[2012.03.21 15:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.03.21 15:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012.03.21 14:52:51 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\Mafia.II.Ultimate.Edition.GERMAN-ZKY
[2012.03.21 13:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.03.21 13:15:40 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.21 13:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.03.21 13:14:03 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\DAEMON Tools Lite
[2012.03.21 13:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.03.18 21:56:23 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
[2012.03.18 21:56:22 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Uncompressor
[2012.03.17 17:17:04 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncroSoft Emu
[2012.03.17 17:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncroSoft Emu
[2012.03.17 17:14:44 | 000,021,888 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\SysWow64\drivers\synUSB64.sys
[2012.03.17 17:14:40 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\Synsopos.exe
[2012.03.17 17:14:38 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2012.03.17 17:14:32 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SynsoLChk.dll
[2012.03.17 17:14:30 | 000,700,416 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\SYNSOACC.dll
[2012.03.17 17:14:30 | 000,017,784 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\SysWow64\drivers\NSynas32.sys
[2012.03.17 17:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncrosoft
[2012.03.17 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2012.03.15 23:55:33 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.15 23:55:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.15 23:55:29 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 17:04:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 17:03:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 17:03:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 17:03:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 17:03:42 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 17:03:42 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.12 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Vugyyxe
[2012.03.12 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Vanu
[2012.03.11 17:48:24 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{05C6AA34-C316-431E-84DF-2DDEA963E6B1}
[2012.03.11 17:42:06 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{3747E101-C032-4860-B195-F819F21FE717}
[2012.03.11 17:16:11 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{A63C3F59-F27C-4E22-BC78-81C4E8F0E25C}
[2012.03.11 17:16:10 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\{F5CA6D1D-057F-4789-8CEF-C1E8FF6A31E9}
[2012.03.11 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Windows Live Writer
[2012.03.11 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\Windows Live Writer
[2012.03.11 17:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 8.0
[2012.03.11 17:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0
[2012.03.11 16:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.03.11 16:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\StarFinanz
[2012.03.11 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 8.0
[2012.03.11 02:37:45 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\Wolf Serno - Die Liebe des Wanderchirurgen
[2012.03.11 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\vlc
[2012.03.10 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\theme
[2012.03.10 18:10:24 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\JustMusic
[2012.03.10 18:06:34 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\WinRAR
[2012.03.10 18:06:33 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.10 18:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.03.10 18:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.03.10 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\foobar2000
[2012.03.10 17:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2012.03.10 17:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.10 17:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.03.10 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\Desktop\download
[2012.03.10 17:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.03.10 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.03.10 17:28:48 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Local\Babylon
[2012.03.10 17:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.03.10 17:28:39 | 000,000,000 | ---D | C] -- C:\Users\Spliff Richard\AppData\Roaming\Babylon
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.31 22:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.31 22:16:28 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.31 22:02:25 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.31 21:46:20 | 000,000,168 | ---- | M] () -- C:\Users\Spliff Richard\defogger_reenable
[2012.03.31 21:45:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.31 21:45:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.31 21:45:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.31 21:45:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.31 21:45:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.31 15:48:24 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 15:48:24 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.31 15:40:15 | 224,105,309 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.23 00:01:57 | 001,484,591 | ---- | M] () -- C:\Users\Spliff Richard\Desktop\neu.jpg
[2012.03.21 15:57:31 | 000,011,445 | ---- | M] () -- C:\Windows\unins001.dat
[2012.03.21 15:56:48 | 000,010,752 | ---- | M] () -- C:\Windows\unins002.dat
[2012.03.21 15:55:02 | 000,007,767 | ---- | M] () -- C:\Windows\unins000.dat
[2012.03.21 15:54:30 | 001,199,175 | ---- | M] () -- C:\Windows\unins001.exe
[2012.03.21 15:54:28 | 001,179,595 | ---- | M] () -- C:\Windows\unins002.exe
[2012.03.21 15:54:27 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2012.03.21 15:40:28 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2012.03.21 13:18:15 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.03.21 13:15:40 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.03.19 19:50:44 | 000,047,172 | ---- | M] () -- C:\Users\Spliff Richard\Desktop\Magen-Darm-Trakt.jpg
[2012.03.18 21:56:23 | 000,000,914 | ---- | M] () -- C:\Users\Spliff Richard\Desktop\Uncompressor.lnk
[2012.03.18 03:48:42 | 000,309,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.11 17:00:31 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 8.0.lnk
[2012.03.10 18:06:33 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2012.03.10 17:58:21 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012.03.10 17:55:24 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.10 17:31:15 | 000,002,045 | ---- | M] () -- C:\Users\Spliff Richard\Desktop\JDownloader.lnk
[2012.03.10 17:29:10 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.03.09 12:34:55 | 000,025,854 | ---- | M] () -- C:\Users\Spliff Richard\Desktop\teilnehmende Beobachhtung Hausarbeit.odt
 
========== Files Created - No Company Name ==========
 
[2012.03.31 22:02:25 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.31 21:46:19 | 000,000,168 | ---- | C] () -- C:\Users\Spliff Richard\defogger_reenable
[2012.03.23 00:01:46 | 001,484,591 | ---- | C] () -- C:\Users\Spliff Richard\Desktop\neu.jpg
[2012.03.21 15:55:28 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.03.21 15:55:12 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2012.03.21 15:54:55 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll
[2012.03.21 15:54:53 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll
[2012.03.21 15:54:38 | 001,179,595 | ---- | C] () -- C:\Windows\unins002.exe
[2012.03.21 15:54:38 | 000,010,752 | ---- | C] () -- C:\Windows\unins002.dat
[2012.03.21 15:54:37 | 001,199,175 | ---- | C] () -- C:\Windows\unins001.exe
[2012.03.21 15:54:37 | 000,011,445 | ---- | C] () -- C:\Windows\unins001.dat
[2012.03.21 15:54:35 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2012.03.21 15:54:35 | 000,007,767 | ---- | C] () -- C:\Windows\unins000.dat
[2012.03.21 15:40:28 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2012.03.21 13:18:15 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.03.19 19:50:30 | 000,047,172 | ---- | C] () -- C:\Users\Spliff Richard\Desktop\Magen-Darm-Trakt.jpg
[2012.03.18 21:56:23 | 000,000,914 | ---- | C] () -- C:\Users\Spliff Richard\Desktop\Uncompressor.lnk
[2012.03.17 17:14:46 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2012.03.17 17:14:45 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2012.03.17 17:14:45 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2012.03.11 17:00:30 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 8.0.lnk
[2012.03.10 18:06:33 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2012.03.10 17:58:21 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2012.03.10 17:58:21 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012.03.10 17:55:24 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.10 17:31:15 | 000,002,045 | ---- | C] () -- C:\Users\Spliff Richard\Desktop\JDownloader.lnk
[2012.03.10 17:31:08 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.03.10 17:31:08 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.03.10 17:31:08 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.03.10 17:29:04 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.03.09 12:34:52 | 000,025,854 | ---- | C] () -- C:\Users\Spliff Richard\Desktop\teilnehmende Beobachhtung Hausarbeit.odt
[2011.07.01 20:25:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.12 13:29:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.25 07:39:29 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.25 07:07:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >

ich habe auch Malwarebytes durchgeführt, allerdings war die datenbank 98 tage alt, weil ich keine netzwerkverbindung im abgesicherten modus habe. habe eine datei entfernen lassen. logs sind im anhang.
vielen dank für eure hilfe
knizzle

Alt 31.03.2012, 22:36   #2
knizzle707
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


Aktualisierung:
Habe einige Dateien mit unbekannt als ursprung im autostart deaktiviert. windows lässt sich starten.
bitte gebt mir anweisungen, wie ich weiter vorgehen soll.
habe bisher (dumm, ich weiß!) keine recovery cd gebrannt, kann ich das jetz noch machen?
formatieren wär zwar nicht toll, aber zumindest wäre es dann wieder eine option, oder?
Danke für die Hilfe.
knizzle
__________________
Alt 01.04.2012, 17:21   #3
markusg
/// Malware-holic
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
__________________
Alt 02.04.2012, 22:45   #4
knizzle707
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


Hallo,
vielen Dank für die Antwort,
habe combofix ohne Probleme durchführen können.
Neuestes Malwarebytes log und combofixlog sind im Anhang.
gruß
knizzle

Alt 03.04.2012, 08:27   #5
markusg
/// Malware-holic
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


hatte ich irgendwas von Malwarebytes geschrieben, kann davon hier nichts lesen.
nutzt du den pc für onlinebanking einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.04.2012, 08:39   #6
knizzle707
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


malwarebytes hab ich standardmäßig laufen lassen. bevor du mir geantwortet hast.
nutze den pc für onlinebanking und ab und zu auch für interneteinkäufe. z.zt. natürlich nicht, also seit ich den virus bemerkt habe.

Alt 03.04.2012, 10:19   #7
markusg
/// Malware-holic
 
bka trojaner 100euro forderung - Standard

bka trojaner 100euro forderung


bitte die bank anrufen, onlinebanking wegen spyeye sperren lassen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu bka trojaner 100euro forderung
adobe, alternate, antivir, avg, avgnt, avira, babylon toolbar, babylontoolbar, bingbar, converter, dateien gelöscht, defender, desktop, entfernen, euro, firefox, format, helper, home, installation, logfile, mozilla, mp3, msvcrt, plug-in, pmmupdate.exe, realtek, registry, searchscopes, software, starmoney, svchost.exe, symantec, system, trojaner, version., version=1.0, windows, windows 7 home, windows 7 home premium


« 50 Euro-Trojaner hat zugeschlagen, Windows XP | TR/Crypt.ZPACK.Gen8/Nichts geht mehr!!! Bitte helfen, DANKE!! »


Ähnliche Themen: bka trojaner 100euro forderung


  1. "BKA"-Trojaner sperrt PC und fordert auf, 100Euro zu überweisen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (7)
  2. (2x) Hijacking Problem-GVU Trojaner fordert 100 €-Ukash Forderung-Rechner blockiert
    Mülltonne - 23.09.2012 (1)
  3. Windows blockiert / Ukash-Forderung
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (15)
  4. Polizei Trojaner 100euro Ukash
    Log-Analyse und Auswertung - 19.09.2012 (3)
  5. Windows Sicherheitsupdate Trojaner, 100Euro
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (14)
  6. Neuer GVU Trojaner ähnlich wie der v2.04 nur mit 100euro und Video
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (3)
  7. ebenfalls Verschlüsselungstrojaner (200 € Ukash Forderung)
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  8. BKA-Trojaner (100Euro Virus)
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (1)
  9. Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren
    Log-Analyse und Auswertung - 16.04.2012 (6)
  10. Windows Security Center,Trojaner, 100Euro Strafe zum Entsperren
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (9)
  11. Polizei Trojaner 100Euro Paysafe
    Log-Analyse und Auswertung - 22.03.2012 (1)
  12. BKA-Trojaner eingefangen mit Geld Forderung auf WindowsXP
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (35)
  13. 100Euro Trojaner - Windows Security Center
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (20)
  14. Windows aus Sicherheitsgründen gesperrt / 50€ Forderung
    Log-Analyse und Auswertung - 13.02.2012 (11)
  15. Trojaner: 100Euro Windows Fake Security Drohung
    Log-Analyse und Auswertung - 05.02.2012 (15)
  16. Staatspolizei Trojaner 100euro Strafe Nichts Funktioniert mehr ....
    Log-Analyse und Auswertung - 27.01.2012 (13)
  17. 50€ Forderung bei Windows-Start
    Log-Analyse und Auswertung - 29.12.2011 (24)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema bka trojaner 100euro forderung - hallo, habe seit ein paar stunden den bka trojaner. windows wird beim anmelden gesperrt. habe gestern einige verdächtige dateien gelöscht (z.b. mehrfach agodsi.exe), die von antivir identifiziert wurden. daher vermute - bka trojaner 100euro forderung...
Archiv
Du betrachtest: bka trojaner 100euro forderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54