| |
| |||||||
Log-Analyse und Auswertung: ATRAPS.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.07.2012, 22:48
| #1 |
| |  ATRAPS.Gen Hallo gestern bekam ich einen Avira Virenbefund. ATRAPS.Gen OTL logfile created on: 06.07.2012 23:27:28 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\xx\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 4,44 Gb Available Physical Memory | 56,18% Memory free 15,79 Gb Paging File | 11,39 Gb Available in Paging File | 72,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 50,46 Gb Free Space | 42,35% Space Free | Partition Type: NTFS Drive E: | 156,25 Gb Total Space | 156,14 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive F: | 63,23 Gb Total Space | 9,78 Gb Free Space | 15,46% Space Free | Partition Type: NTFS Drive G: | 24,41 Gb Total Space | 0,86 Gb Free Space | 3,52% Space Free | Partition Type: NTFS Drive H: | 203,40 Gb Total Space | 4,95 Gb Free Space | 2,43% Space Free | Partition Type: NTFS Computer Name: xx-PC | User Name: xx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\xx\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Diablo III\Diablo III.exe (Blizzard Entertainment) PRC - C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe (Blizzard Entertainment) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - G:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe () PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uno.exe () PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Programme\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe (Software Security System) PRC - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - G:\League of Legends\RADS\system\rads_user_kernel.exe () PRC - C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe (ASRock) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - G:\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.158\deploy\LolClient.exe (Adobe Systems Inc.) PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) ========== Modules (No Company Name) ========== MOD - C:\Users\xx\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - G:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () MOD - G:\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.158\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uno.exe () MOD - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe () MOD - C:\Windows\SysWOW64\kdbsdk32.dll () MOD - G:\League of Legends\RADS\system\rads_user_kernel.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (pcapsvc) -- C:\Programme\Proxy Labs\ProxyCap\pcapsvc.exe (Proxy Labs) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) ME Service) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (Intel(R) Capability Licensing Service Interface) Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (cphs) Intel(R) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ISCT) Intel(R) -- C:\Windows\SysNative\drivers\ISCTD64.sys () DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys () DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys () DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.) DRV:64bit: - (iusb3xhc) Intel(R) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) Intel(R) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 E7 54 FD AB 54 CD 01 [binary data] IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://cruzzzer.pochta.ru/proxy.pac" FF - prefs.js..network.proxy.http: "hxxp://cruzzzer.pochta.ru/proxy.pac" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 01:14:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 01:14:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 00:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\mozilla\Extensions [2012.07.04 16:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\rg29tsml.default\extensions [2012.05.28 18:56:46 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\rg29tsml.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.05.11 04:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.30 20:25:07 | 000,150,579 | ---- | M] () (No name found) -- C:\USERS\xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RG29TSML.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI [2012.05.05 15:17:26 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RG29TSML.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI [2012.05.17 16:49:21 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RG29TSML.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.06.17 01:14:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.14 14:24:17 | 000,001,328 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\cmicnfg3.cpl (C-Media Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ProxyCap] C:\Programme\Proxy Labs\ProxyCap\pcapui.exe (Proxy Labs) O4:64bit: - HKLM..\Run: [VIRTU_MVP_AUTORUN] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe () O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000..\Run: [Spotify Web Helper] C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-2270337284-1638154354-2979852828-1000..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\pcapwsp.dll (Proxy Labs) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - ppcapwsp.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - ppcapwsp.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - ppcapwsp.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - ppcapwsp.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - ppcapwsp.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWow64\pcapwsp.dll (Proxy Labs) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - pcapwsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - pcapwsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - pcapwsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - pcapwsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - pcapwsp.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7669F586-0319-4FE8-81B7-432B00587FE4}: NameServer = 213.191.92.84 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0F24C94-B622-4D4E-95AF-77D392F0EDDD}: DhcpNameServer = 10.129.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1D332AC-6488-4CB3-A5F9-337D0A5C384B}: DhcpNameServer = 192.168.2.1 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6455f20f-9b07-11e1-a53f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6455f20f-9b07-11e1-a53f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O33 - MountPoints2\{7344fa70-9dd6-11e1-8dcc-a9870066f845}\Shell - "" = AutoRun O33 - MountPoints2\{7344fa70-9dd6-11e1-8dcc-a9870066f845}\Shell\AutoRun\command - "" = J:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Roaming\OpenOffice.org [2012.07.06 16:04:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.07.06 16:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012.07.06 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\xx\Desktop\OpenOffice.org 3.4 (de) Installation Files [2012.07.06 03:00:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.07.06 01:29:53 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Roaming\vlc [2012.07.06 01:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.07.06 01:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.06.29 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\xx\Documents\Digibib4 [2012.06.29 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digitale Bibliothek 5 [2012.06.29 20:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digitale Bibliothek 5 [2012.06.29 20:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digitale Bibliothek 5 [2012.06.29 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012.06.25 20:32:34 | 006,103,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\cmicnfg3.cpl [2012.06.25 20:32:34 | 006,098,944 | ---- | C] (C-Media Corporation) -- C:\Windows\System\cmicnfg3.cpl [2012.06.25 20:32:34 | 000,917,504 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmids3d3.dll [2012.06.25 20:32:34 | 000,917,504 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\cmids3d3.dll [2012.06.25 20:32:34 | 000,828,416 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudax3.sys [2012.06.25 20:32:34 | 000,712,704 | ---- | C] (Sensaura Ltd) -- C:\Windows\SysNative\Audio3D3.dll [2012.06.25 20:32:34 | 000,712,704 | ---- | C] (Sensaura Ltd) -- C:\Windows\SysNative\a3d.dll [2012.06.25 20:32:34 | 000,032,768 | ---- | C] (C-Media Corporation) -- C:\Windows\SysNative\udaProp3.dll [2012.06.25 20:32:27 | 000,036,864 | ---- | C] (C-Media Electronics Ins.) -- C:\Windows\SysNative\cmudax3.dll [2012.06.22 01:53:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.22 01:53:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.22 01:53:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.22 01:53:27 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.22 01:53:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.22 01:53:27 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.22 01:53:26 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.22 01:53:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.17 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Local\Spotify [2012.06.17 15:43:06 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Roaming\Spotify [2012.06.14 20:42:36 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys [2012.06.14 20:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN [2012.06.14 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN [2012.06.14 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Local\Your Freedom [2012.06.14 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Proxy Labs [2012.06.14 20:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Freedom [2012.06.14 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Freedom [2012.06.14 03:00:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 03:00:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 03:00:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 03:00:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 03:00:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 03:00:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 03:00:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 03:00:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 03:00:26 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 03:00:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 03:00:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 03:00:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 03:00:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 19:33:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 19:33:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 19:33:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 19:33:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 19:33:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 19:33:34 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 19:33:33 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 19:33:32 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 19:33:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.06 16:20:19 | 000,151,679 | ---- | M] () -- C:\Users\xx\Desktop\yc.png [2012.07.06 16:04:17 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.07.06 14:36:57 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:36:57 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:35:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.06 14:35:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.06 14:35:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.06 14:35:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.06 14:35:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.06 14:29:49 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.07.06 14:29:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 14:29:41 | 2065,215,487 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 01:29:48 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.05 14:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.07.02 00:16:48 | 000,247,984 | ---- | M] () -- C:\Users\xx\Desktop\voodoo.png [2012.06.29 20:16:02 | 000,002,041 | ---- | M] () -- C:\Users\xx\Desktop\JDownloader.lnk [2012.06.25 20:32:49 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2012.06.25 20:32:26 | 000,000,501 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi [2012.06.25 20:32:26 | 000,000,501 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini [2012.06.24 14:10:40 | 000,001,777 | ---- | M] () -- C:\Users\xx\Desktop\Spotify.lnk [2012.06.20 13:35:32 | 000,224,665 | ---- | M] () -- C:\Users\xx\Desktop\nähähähähähähähä.png [2012.06.14 20:46:11 | 000,000,629 | ---- | M] () -- C:\Users\xx\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk [2012.06.14 20:42:36 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk [2012.06.14 20:13:25 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\Your Freedom.lnk [2012.06.14 15:55:24 | 004,950,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 14:24:17 | 000,001,328 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.13 21:41:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.06.07 20:02:25 | 000,000,132 | ---- | M] () -- C:\Users\xx\AppData\Roaming\Adobe PNG Format CS5 Prefs [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.06 16:20:19 | 000,151,679 | ---- | C] () -- C:\Users\xx\Desktop\yc.png [2012.07.06 16:04:17 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.07.06 01:29:48 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.02 00:16:48 | 000,247,984 | ---- | C] () -- C:\Users\xx\Desktop\voodoo.png [2012.07.01 01:26:37 | 000,022,016 | ---- | C] () -- C:\Users\xx\AppData\Local\{2b651a26-9a5f-e49b-37c4-a432a1d21a19}\U\800000cb.@ [2012.07.01 01:26:36 | 000,016,896 | ---- | C] () -- C:\Users\xx\AppData\Local\{2b651a26-9a5f-e49b-37c4-a432a1d21a19}\U\80000000.@ [2012.06.30 19:11:34 | 000,001,696 | ---- | C] () -- C:\Users\xx\AppData\Local\{2b651a26-9a5f-e49b-37c4-a432a1d21a19}\U\00000001.@ [2012.06.29 20:16:02 | 000,002,041 | ---- | C] () -- C:\Users\xx\Desktop\JDownloader.lnk [2012.06.29 20:16:01 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.06.29 20:16:01 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.06.29 20:16:01 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.06.25 20:32:49 | 000,659,456 | R--- | C] () -- C:\Windows\SysNative\Cmeaupci.exe [2012.06.25 20:32:49 | 000,000,138 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2012.06.25 20:32:34 | 000,488,448 | ---- | C] () -- C:\Windows\SysNative\cmrmdrv3.exe [2012.06.25 20:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VMix.dll [2012.06.25 20:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System\VMix.dll [2012.06.25 20:32:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysNative\cmrmdrv3.dll [2012.06.24 14:10:40 | 000,001,777 | ---- | C] () -- C:\Users\xx\Desktop\Spotify.lnk [2012.06.24 14:10:40 | 000,001,763 | ---- | C] () -- C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.06.20 13:35:32 | 000,224,665 | ---- | C] () -- C:\Users\xx\Desktop\nähähähähähähähä.png [2012.06.17 15:26:31 | 000,065,536 | R--- | C] () -- C:\Windows\SysNative\CmiInstallResAll.dll [2012.06.17 15:26:31 | 000,000,501 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.06.14 20:46:13 | 000,000,629 | ---- | C] () -- C:\Users\xx\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk [2012.06.14 20:42:36 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk [2012.06.14 20:14:18 | 000,002,601 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProxyCap.lnk [2012.06.14 20:13:25 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\Your Freedom.lnk [2012.06.13 21:41:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.05.18 23:24:03 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.05.12 02:11:27 | 000,001,044 | ---- | C] () -- C:\Users\xx\Videos - Verknüpfung.lnk [2012.05.12 01:24:51 | 000,002,048 | -HS- | C] () -- C:\Users\xx\AppData\Local\{2b651a26-9a5f-e49b-37c4-a432a1d21a19}\@ [2012.05.11 04:24:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.11 04:23:06 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.05.11 04:23:06 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.11 04:23:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.11 04:03:07 | 000,000,003 | ---- | C] () -- C:\Users\xx\AppData\Local\user_data.ini [2012.05.11 03:57:32 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.05.11 03:57:32 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.05.11 03:57:32 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.05.11 03:57:32 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.11 01:44:12 | 000,000,132 | ---- | C] () -- C:\Users\xx\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.05.11 00:26:00 | 000,000,727 | R--- | C] () -- C:\Windows\cmudax3.ini [2012.04.08 01:26:42 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: LSASS.EXE > [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe [2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\SysNative\lsass.exe [2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe < MD5 for: SVCHOST.EXE > [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.04 20:41:38 | 000,872,104 | ---- | M] (Dropbox, Inc.) -- C:\Users\xx\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\xx\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.05.11 00:11:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.05.22 16:28:45 | 000,119,808 | R--- | M] () -- C:\Users\xx\AppData\Roaming\Microsoft\Installer\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}\icons.exe [2011.10.28 16:34:06 | 000,018,488 | ---- | M] (Hewlett-Packard Company) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\rg29tsml.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe [2012.06.28 23:46:05 | 007,609,560 | ---- | M] (Spotify Ltd) -- C:\Users\xx\AppData\Roaming\Spotify\spotify.exe [2012.06.28 23:46:05 | 000,114,392 | ---- | M] () -- C:\Users\xx\AppData\Roaming\Spotify\SpotifyLauncher.exe [2012.06.28 23:46:05 | 001,192,664 | ---- | M] () -- C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %APPDATA%\Adobe\Update\*.* > < %APPDATA%\Update\*.* > < %APPDATA%\Microsoft\*.* > [2012.05.18 23:24:24 | 000,001,686 | -HS- | M] () -- C:\Users\xx\AppData\Roaming\Microsoft\LastFlashConfig.wfc < %ALLUSERSPROFILE%\Favorites\*.* > < %ALLUSERSPROFILE%\*.* > [2012.05.11 04:19:10 | 000,262,144 | ---- | M] () -- C:\ProgramData\NTUser.dat [2012.05.11 04:19:10 | 000,005,120 | -HS- | M] () -- C:\ProgramData\NTUser.dat.LOG1 [2012.05.11 04:19:10 | 000,000,000 | -HS- | M] () -- C:\ProgramData\NTUser.dat.LOG2 [2012.05.11 04:19:10 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912e2-9b0f-11e1-8240-d31ccc465b33}.TM.blf [2012.05.11 04:19:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912e2-9b0f-11e1-8240-d31ccc465b33}.TMContainer00000000000000000001.regtrans-ms [2012.05.11 04:19:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912e2-9b0f-11e1-8240-d31ccc465b33}.TMContainer00000000000000000002.regtrans-ms [2012.05.11 04:19:10 | 000,065,536 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912ed-9b0f-11e1-8240-d31ccc465b33}.TM.blf [2012.05.11 04:19:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912ed-9b0f-11e1-8240-d31ccc465b33}.TMContainer00000000000000000001.regtrans-ms [2012.05.11 04:19:10 | 000,524,288 | -HS- | M] () -- C:\ProgramData\NTUser.dat{6d1912ed-9b0f-11e1-8240-d31ccc465b33}.TMContainer00000000000000000002.regtrans-ms < %SYSTEMDRIVE%\*.* > [2012.07.06 14:29:41 | 2065,215,487 | -HS- | M] () -- C:\hiberfil.sys [2012.05.11 04:02:25 | 000,000,836 | ---- | M] () -- C:\lucid.log [2012.07.06 14:29:41 | 4185,280,511 | -HS- | M] () -- C:\pagefile.sys < %PROGRAMFILES%\*.* > [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %PROGRAMFILES%\Internet Explorer\*.* > [2012.05.17 17:24:41 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe [2012.05.17 17:24:41 | 000,002,535 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc [2012.05.17 17:24:41 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecleanup.exe [2012.05.17 17:24:41 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\iediagcmd.exe [2012.05.18 00:38:09 | 000,678,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll [2012.05.17 17:24:41 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe [2012.05.17 17:24:41 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe [2012.05.18 00:31:56 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll [2012.05.18 00:31:17 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.05.18 00:37:25 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll [2012.05.17 17:24:41 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll [2012.05.17 17:24:41 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll [2012.05.17 17:24:41 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll [2009.06.10 23:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll [2012.05.17 17:24:41 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll [2009.06.10 23:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll [2012.05.18 01:21:54 | 000,140,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll < %USERPROFILE%\*.* > [2012.05.11 04:01:37 | 000,000,000 | ---- | M] () -- C:\Users\xx\agent.log [2012.07.06 23:30:40 | 001,572,864 | -HS- | M] () -- C:\Users\xx\ntuser.dat [2012.07.06 23:30:40 | 000,262,144 | -HS- | M] () -- C:\Users\xx\ntuser.dat.LOG1 [2012.05.11 03:48:46 | 000,000,000 | -HS- | M] () -- C:\Users\xx\ntuser.dat.LOG2 [2012.05.11 03:53:47 | 000,065,536 | -HS- | M] () -- C:\Users\xx\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.05.11 03:53:47 | 000,524,288 | -HS- | M] () -- C:\Users\xx\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.05.11 03:53:47 | 000,524,288 | -HS- | M] () -- C:\Users\xx\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.05.29 17:12:45 | 000,065,536 | -HS- | M] () -- C:\Users\xx\ntuser.dat{51d3eae8-a986-11e1-9314-bcdddb654546}.TM.blf [2012.05.29 17:12:45 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{51d3eae8-a986-11e1-9314-bcdddb654546}.TMContainer00000000000000000001.regtrans-ms [2012.05.29 17:12:45 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{51d3eae8-a986-11e1-9314-bcdddb654546}.TMContainer00000000000000000002.regtrans-ms [2012.05.13 13:35:26 | 000,065,536 | -HS- | M] () -- C:\Users\xx\ntuser.dat{948ad226-9cef-11e1-aced-ca4c975c9445}.TM.blf [2012.05.13 13:35:26 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{948ad226-9cef-11e1-aced-ca4c975c9445}.TMContainer00000000000000000001.regtrans-ms [2012.05.13 13:35:26 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{948ad226-9cef-11e1-aced-ca4c975c9445}.TMContainer00000000000000000002.regtrans-ms [2012.06.03 16:38:07 | 000,065,536 | -HS- | M] () -- C:\Users\xx\ntuser.dat{bfb47b8a-ad76-11e1-8c17-b3ce04d37446}.TM.blf [2012.06.03 16:38:07 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{bfb47b8a-ad76-11e1-8c17-b3ce04d37446}.TMContainer00000000000000000001.regtrans-ms [2012.06.03 16:38:07 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{bfb47b8a-ad76-11e1-8c17-b3ce04d37446}.TMContainer00000000000000000002.regtrans-ms [2012.07.05 03:04:41 | 000,065,536 | -HS- | M] () -- C:\Users\xx\ntuser.dat{d1e72f87-bbfb-11e1-9856-000fc9221310}.TM.blf [2012.07.05 03:04:41 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{d1e72f87-bbfb-11e1-9856-000fc9221310}.TMContainer00000000000000000001.regtrans-ms [2012.06.22 04:25:42 | 000,524,288 | -HS- | M] () -- C:\Users\xx\ntuser.dat{d1e72f87-bbfb-11e1-9856-000fc9221310}.TMContainer00000000000000000002.regtrans-ms [2012.05.11 03:48:46 | 000,000,020 | -HS- | M] () -- C:\Users\xx\ntuser.ini [2012.05.12 02:11:27 | 000,001,044 | ---- | M] () -- C:\Users\xx\Videos - Verknüpfung.lnk < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\*.exe /90 > [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2012.05.17 17:24:41 | 000,420,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\vbscript.dll [2010.11.21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll < %systemroot%\system32\*.dll /90 > [2012.05.17 17:24:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll [2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2012.05.17 17:24:41 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2012.05.17 17:24:41 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2012.05.17 17:24:41 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2012.05.17 17:24:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2012.05.17 17:24:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll [2012.05.17 17:24:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll [2012.05.17 17:24:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll [2012.05.17 17:24:41 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2012.05.17 17:24:41 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2012.05.17 17:24:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2012.05.17 17:24:41 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2012.05.18 00:27:18 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2012.05.17 17:24:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2012.05.17 17:24:41 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.05.17 17:24:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2012.05.17 17:24:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2012.05.18 00:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2012.05.18 00:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.05.17 17:24:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.05.17 17:24:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2012.05.17 17:24:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2012.05.18 01:11:00 | 012,314,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.05.17 17:24:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2012.05.17 17:24:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2012.05.17 17:24:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2012.05.17 17:24:41 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2012.04.08 01:28:40 | 000,536,576 | ---- | M] (Proxy Labs) -- C:\Windows\system32\pcapwsp.dll [2012.05.17 17:24:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2012.04.08 01:26:42 | 000,315,392 | ---- | M] ( ) -- C:\Windows\system32\sbcrreag.dll [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2012.05.18 00:36:06 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2012.05.17 17:24:41 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2012.05.17 17:24:41 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2012.05.18 00:35:47 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\*.exe /90 > [2012.05.12 10:25:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe [2012.05.17 17:24:41 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ie4uinit.exe [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieUnatt.exe [2012.05.17 17:24:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iexpress.exe [2012.05.11 00:02:36 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\java.exe [2012.05.11 00:02:36 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaw.exe [2012.05.17 17:24:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedssync.exe [2012.05.17 17:24:41 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshta.exe [2012.05.04 12:03:53 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntkrnlpa.exe [2012.05.04 12:03:50 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntoskrnl.exe [2012.05.17 17:24:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RegisterIEPKEYs.exe [2012.05.17 17:24:41 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SetIEInstalledDate.exe [2012.05.17 17:24:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wextract.exe < %systemroot%\system32\config\*.sav > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > [2009.07.14 03:19:59 | 000,004,608 | ---- | M] () MD5=2CBEAFED3233C20DF11B88DF909CD74F -- C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll [2010.11.21 05:25:07 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll [2012.07.06 16:04:14 | 000,063,488 | ---- | M] () MD5=FE26A387EEC50587C64148F7BED6CA08 -- C:\Windows\assembly\GAC_32\cli_cppuhelper\1.0.22.0__ce2cb7e279207b9e\cli_cppuhelper.dll [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2009.07.14 03:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe [2009.07.13 23:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config [2010.11.21 05:24:26 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2010.11.21 05:25:07 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll [2011.04.12 09:43:22 | 000,090,112 | ---- | M] () MD5=3994CBC9EC487E167992FC1D169A32AC -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll [2010.11.21 05:25:06 | 000,189,952 | ---- | M] () MD5=38D88B9F15909C5EB12543B9ADD60665 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll [2010.11.21 05:25:06 | 000,145,920 | ---- | M] () MD5=7473DCFFD01F73BA2B2621555B02E09A -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll [2009.07.14 03:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll [2009.07.14 03:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll [2009.07.14 03:23:55 | 000,008,192 | ---- | M] () MD5=79D7E7A3CB56C91FE9030C5EFE2DC13C -- C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.Appl icationId.PolicyManagement.PolicyEngineApi.Interop.dll [2010.11.21 05:25:11 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll [2009.07.14 03:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll [2009.06.10 23:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe [2009.06.10 23:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config [2009.06.10 23:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2009.06.10 23:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2009.06.10 23:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2012.01.04 04:50:59 | 004,550,656 | ---- | M] () MD5=C850A6041F5AEDE21C53514BBE9AB09D -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2009.06.10 23:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2009.06.10 23:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2009.06.10 23:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2009.06.10 23:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2009.06.10 23:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2009.06.10 23:23:17 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2009.06.10 23:23:17 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2009.06.10 23:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2010.11.21 05:24:32 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL [2010.11.21 05:23:48 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL [2012.07.06 16:04:15 | 000,000,382 | ---- | M] () MD5=5B5249684E45C53333ACB2703BC03AB3 -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\cli_cppuhelper.config [2012.07.06 16:04:15 | 000,003,072 | ---- | M] () MD5=85BA2360F678A7FFAABC1ED8C195E451 -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\22.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll [2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config [2009.07.14 03:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll [2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config [2009.07.14 03:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRole s.dll [2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.config [2009.07.14 03:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.dll [2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config [2009.07.14 03:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll [2009.07.14 00:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config [2009.07.14 03:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () MD5=AEDDFD540E3E6BECDB14C30D1F12B78A -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll [2009.06.10 23:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config [2012.02.11 01:31:42 | 001,737,496 | ---- | M] () MD5=DDFBFD8959F32AC0CF3947F36BAC3081 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll [2010.11.21 05:24:15 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2010.11.21 05:24:07 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2010.11.21 05:24:07 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2012.02.11 01:31:41 | 000,372,736 | ---- | M] () MD5=A151947AD131A883870A6174CACF423B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < %systemroot%\assembly\GAC_64\*.* /S /MD5 > [2009.07.14 03:46:07 | 000,004,608 | ---- | M] () MD5=72A9C3F3B78CA92C93E78A46B3D73A7B -- C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll [2010.11.21 05:24:42 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll [2010.11.21 05:23:56 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2010.11.21 05:24:22 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2010.11.21 05:24:42 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll [2010.11.21 05:24:42 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe [2010.11.21 05:24:42 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll [2011.04.12 09:43:22 | 000,090,112 | ---- | M] () MD5=4BB5C3949D6BFBD257B78AD5F35AB91A -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll [2010.11.21 05:24:41 | 000,196,096 | ---- | M] () MD5=6E1F814CEEFC54E14DDBA66415823CFE -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll [2010.11.21 05:24:41 | 000,151,040 | ---- | M] () MD5=63A87E4AEF8F906BABEF2612C2A00586 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll [2009.07.14 03:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll [2009.07.14 03:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll [2011.08.17 07:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll [2010.11.21 05:24:42 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll [2010.11.21 05:24:42 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll [2010.11.21 05:24:42 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll [2010.11.21 05:24:42 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll [2009.07.14 03:48:19 | 000,008,192 | ---- | M] () MD5=0B61293239545BDB5CF2EF7208F225DA -- C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.Appl icationId.PolicyManagement.PolicyEngineApi.Interop.dll [2010.11.21 05:24:53 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll [2009.07.14 03:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll [2010.11.21 05:24:49 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll [2010.11.21 05:24:59 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe [2009.06.10 22:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config [2009.06.10 22:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2009.06.10 22:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2009.06.10 22:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2012.01.04 05:34:35 | 004,567,040 | ---- | M] () MD5=12E5EDB59F4FE680B7AD9ADC8E2C17D3 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2009.06.10 22:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2009.06.10 22:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2009.06.10 22:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2009.06.10 22:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2009.06.10 22:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2009.06.10 22:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2009.06.10 22:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2009.06.10 22:40:02 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2009.06.10 22:40:02 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2009.06.10 22:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2010.11.21 05:24:16 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL [2010.11.21 05:24:24 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL [2009.06.10 22:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config [2009.07.14 03:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRole s.dll [2009.06.10 22:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.config [2009.07.14 03:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.dll [2009.07.13 23:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config [2009.07.14 03:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll [2012.02.11 01:29:43 | 003,998,208 | ---- | M] () MD5=C264145F107437CBD3B30303733AEE4F -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll [2009.06.10 22:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config [2012.02.11 01:29:45 | 002,256,152 | ---- | M] () MD5=C8541AECCCA9260DE93C85F214110FA8 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll [2010.11.21 05:24:09 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2010.11.21 05:24:02 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2010.11.21 05:24:01 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2010.11.21 05:24:01 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2012.02.11 01:29:44 | 000,358,912 | ---- | M] () MD5=02DD476B37E663BBBB81C47F4AF45C78 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll [2009.06.10 22:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2011.12.25 22:40:47 | 005,263,360 | ---- | M] () MD5=5566D4BABE2900CDB906F470F098188B -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = [Binary data over 100 bytes] "SavedLegacySettings" = [Binary data over 100 bytes] < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
09.07.2012, 09:09
| #2 | |||
| /// Helfer-Team    | ATRAPS.Gen Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. Hast Du OTL falsch installiert: OTL muss auf dem Desktop gespechert werden! Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll! also entfernen und erneut herunterladen: -> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Nach installation in der Log-Datei soll etwa so aussehen: Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
4. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
| Themen zu ATRAPS.Gen |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe, antivir, autorun, avira, battle.net, bho, cyberghost, desktop, firefox, flash player, format, installation, langs, league of legends, logfile, mozilla, object, plug-in, port, proxy, realtek, registry, rundll, safer networking, scan, searchscopes, security, software, spotify web helper, stick, svchost.exe, usb, usb 3.0, windows, wrapper |
Linear-Darstellung
