| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt."Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
30.08.2012, 20:10
| #1 |
| |  GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt." habe ebenfalls das problem .. :-/ OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2012 21:03:29 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Gast\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,58% Memory free 5,98 Gb Paging File | 4,77 Gb Available in Paging File | 79,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 706,04 Gb Free Space | 78,41% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 22,02 Gb Free Space | 73,41% Space Free | Partition Type: NTFS Drive E: | 6,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 232,88 Gb Total Space | 198,50 Gb Free Space | 85,23% Space Free | Partition Type: NTFS Computer Name: SATURN-PC | User Name: saturn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Gast\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (cpuz132) -- C:\Users\saturn\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b21b691e0000000000006c626d568a37&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?hp=df" FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties" FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\saturn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\saturn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\saturn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\saturn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.13 17:24:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 17:51:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 00:41:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.14 21:35:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.13 17:24:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\saturn\AppData\Roaming\15001.001 [2012.08.30 17:31:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 00:41:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.14 21:35:19 | 000,000,000 | ---D | M] [2011.10.21 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Extensions [2012.08.21 23:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions [2012.07.29 23:38:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.08.21 23:35:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.26 14:42:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.12 19:40:17 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\bbrs_002@blabbers.com [2011.08.18 11:08:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\ffxtlbr@babylon.com [2012.03.27 20:26:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\vshare@toolbar [2012.03.28 17:36:16 | 000,002,404 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\askcom.xml [2011.07.23 23:14:05 | 000,002,023 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\badoo.xml [2010.11.29 23:06:08 | 000,001,832 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\bing.xml [2010.11.26 21:34:12 | 000,000,873 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\conduit.xml [2012.08.28 23:02:19 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-1.xml [2011.09.06 20:19:34 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-10.xml [2011.09.07 20:47:16 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-11.xml [2011.09.27 21:47:46 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-12.xml [2011.10.03 12:46:41 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-13.xml [2011.11.08 18:55:12 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-14.xml [2011.11.10 23:59:21 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-15.xml [2011.11.30 22:10:47 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-16.xml [2012.01.04 17:20:09 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-17.xml [2012.01.04 21:52:23 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-18.xml [2012.02.01 20:25:27 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-19.xml [2011.03.24 17:00:29 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-2.xml [2012.02.13 19:21:45 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-20.xml [2012.02.19 16:23:43 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-21.xml [2011.04.21 18:40:32 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-3.xml [2011.05.14 09:17:55 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-4.xml [2011.06.28 19:45:36 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-5.xml [2011.07.03 14:31:14 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-6.xml [2011.08.16 20:02:32 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-7.xml [2011.08.17 13:05:22 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-8.xml [2011.08.19 17:26:23 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-9.xml [2011.03.05 18:47:43 | 000,001,056 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin.xml [2011.10.21 20:11:20 | 000,002,516 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\SearchResults.xml [2012.01.07 18:51:20 | 000,000,792 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\startsear.xml [2010.11.13 20:18:18 | 000,003,915 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\sweetim.xml [2012.03.27 20:27:00 | 000,001,565 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\web-search.xml [2012.08.08 20:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.30 00:41:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2011.10.27 15:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.03 15:28:38 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 00:41:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.21 20:11:20 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b21b691e0000000000006c626d568a37&tlver=1.4.19.19&ss=1&affID=17395 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: LiveVDO plug-in (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll CHR - plugin: LiveVDO plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\saturn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\saturn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Browser Companion Helper = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: General Crawler = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\ CHR - Extension: LiveVDO plugin = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\saturn\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe (Badoo) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Facebook Update] C:\Users\saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Userinit] C:\Users\saturn\AppData\Roaming\appConf32.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\saturn\AppData\Roaming\BrowserCompanion\tcbhn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA324995-E6B1-43EE-83D6-9FB83E2B28FF}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.08.11 04:04:53 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{7dcb8fca-b755-11df-8a77-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7dcb8fca-b755-11df-8a77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{8764202b-f88c-11df-9981-6c626d568a37}\Shell - "" = AutoRun O33 - MountPoints2\{8764202b-f88c-11df-9981-6c626d568a37}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 17:31:02 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\15001.001 [2012.08.30 17:30:57 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0E613BF5-99C9-4D6E-A5C7-3C8A8B726A3D} [2012.08.30 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\UAs [2012.08.29 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\14001.018 [2012.08.29 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\xmldm [2012.08.29 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\kock [2012.08.29 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{45BB5B7B-E517-4DE1-B97C-2113FF6565FD} [2012.08.28 17:00:19 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{492AFC1D-F7EA-4C50-AD17-96FF644062A4} [2012.08.27 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CA3BA918-9967-4BEB-AC71-4E551A916D6E} [2012.08.26 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{595F87C4-CE04-495F-A742-933539E126DD} [2012.08.25 12:54:04 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{10B71342-4939-43A0-B43A-A5DE9F83CB6A} [2012.08.24 16:24:36 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CE456119-6ED6-40A8-B873-129C003FEC3D} [2012.08.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{47A621AC-9D43-4815-B1EA-AA7EAAE4F1D4} [2012.08.22 19:32:30 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{7B3EC23A-8DFC-4A4A-91E4-C50C08F4B53E} [2012.08.21 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A6A5751B-EDD0-4473-99CA-0BCA1E49CC6F} [2012.08.20 19:12:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{FB55A9D2-4535-455C-8D6A-81BCE37E845A} [2012.08.19 23:12:06 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{772247CC-347D-4A4B-8C3D-F2F57351FC10} [2012.08.19 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{765B961C-8A74-46D1-AF32-49E2138CF330} [2012.08.18 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{8EB45775-62D9-4E3D-8536-B530E9D271A3} [2012.08.18 15:01:05 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{4E250644-FF84-4FC0-B140-6072D21D4EA8} [2012.08.17 19:16:56 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{6B20B3AD-F018-4910-84CA-2CE8308FF140} [2012.08.17 19:16:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A50BC3C0-D090-4CA1-AE30-38897D6EB7D2} [2012.08.16 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{29C8D437-6D6C-41DB-A834-039FDD854B24} [2012.08.16 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0EC0876F-DF9A-4FF0-951B-B9C18B42F89C} [2012.08.16 00:58:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 00:58:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 00:58:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 00:58:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 00:58:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 00:58:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 00:58:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.15 19:35:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.15 19:35:11 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 19:35:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.08.15 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{038C2AF4-8050-4912-9929-C48518C61082} [2012.08.15 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{27DDCD14-C4B8-4F94-B5EE-7F77778594C6} [2012.08.14 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{16A5F277-9259-4574-A3BD-2A10BA621E82} [2012.08.14 21:33:34 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B142047A-458F-4F25-ADEA-0594D24DA7BC} [2012.08.13 19:50:15 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{F7B3D38D-B975-4419-87EE-91E7C04E08A8} [2012.08.13 19:50:04 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CCE40081-5E7B-4CA2-9E82-E6C2B9F313C5} [2012.08.12 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{772246A7-022E-4A9F-9165-0AAE985FE8FF} [2012.08.12 14:12:42 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{9B454AB5-56E1-48C9-8949-197DA9A6B532} [2012.08.12 01:44:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{42997C90-7669-4C55-B7C4-B3710B595E6E} [2012.08.12 01:44:01 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CE4C7301-81FF-45BD-BE9D-8C5D0085B081} [2012.08.11 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0CEAC16A-9DA8-4AC6-8DE9-404C9DDEBED0} [2012.08.11 13:43:33 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{1C5B8746-3B61-4407-9249-E17F3B07DC64} [2012.08.10 18:50:36 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{5F40EABF-E76B-4C1A-8BF6-1CED8AA475C7} [2012.08.10 18:50:25 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{BAD4AA54-CBFB-418C-8957-258233097489} [2012.08.09 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{5B81B170-3930-4301-85F9-DE68E90CAAFD} [2012.08.09 19:31:43 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E86DF26B-BADC-4DA2-8F76-1CC244D7D34C} [2012.08.08 18:15:54 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{2B7B849D-F92E-4ED8-B8B9-E5E56DCFEA4F} [2012.08.08 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B3BEC570-DC82-442C-B5E1-145C20447BFE} [2012.08.07 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{79DC4DC9-E89C-4F3E-B583-ED99F440D1A7} [2012.08.07 21:04:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{97CA0DE8-91E7-48A0-89D3-D16D5642760B} [2012.08.06 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A300A314-AD98-43CB-92AF-E1A4638D960A} [2012.08.06 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{BC4460E8-010B-4B14-9A90-DBC782BF4D40} [2012.08.06 12:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.08.05 13:54:40 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{9B45BE82-0D7C-4F4C-9499-8436EDD29066} [2012.08.05 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B615AE2A-E68C-4624-9473-4F450A987889} [2012.08.05 02:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.08.05 02:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.08.04 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{2190359B-7AE7-4ABA-9201-0D55FEEEFAF7} [2012.08.04 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{4985FE69-424C-4812-916F-991004FBB926} [2012.08.03 12:09:23 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{EB127C51-FB0D-49B2-B712-F8A9615553B9} [2012.08.03 12:09:12 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{46E7C127-ECF3-4776-9992-2B2031CA3C4D} [2012.08.02 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E6382E74-5F61-4DA7-A12C-8B74402B3755} [2012.08.02 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E8646B3D-125D-49B3-946E-BF82FE39E07D} [2012.08.02 00:32:19 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{79FF3F25-F8F2-4439-BFF2-F92523D36FA6} [2012.08.02 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\Flatcast [2012.08.01 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{78312348-3EB3-4617-8988-0C3799B6F53C} [2012.08.01 12:31:21 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{6CAFECB4-7237-495D-8FD7-95E01998995B} [2012.08.01 00:30:56 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{28077E05-C484-47EE-902B-36FCE1222BD8} [2 C:\Users\saturn\AppData\Roaming\*.tmp files -> C:\Users\saturn\AppData\Roaming\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.30 21:03:40 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.08.30 20:57:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.08.30 20:57:42 | 000,000,016 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\blckdom.res [2012.08.30 20:46:30 | 000,001,889 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.30 20:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 20:28:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.08.30 18:42:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 18:42:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 17:31:12 | 000,198,288 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\AcroIEHelpe204.dll [2012.08.30 17:31:12 | 000,007,424 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe204.dll [2012.08.30 17:24:10 | 006,746,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.30 17:24:10 | 002,105,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 17:24:10 | 002,027,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.30 17:24:10 | 001,741,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.30 17:19:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 17:19:50 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.08.29 23:48:42 | 000,006,400 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe.dll [2012.08.29 23:28:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.28 17:00:56 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.28 17:00:56 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.26 18:19:42 | 000,001,070 | ---- | M] () -- C:\Users\saturn\Desktop\Proje Öneri.rtf [2012.08.26 15:03:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.24 19:57:15 | 000,051,500 | ---- | M] () -- C:\Users\saturn\Desktop\402917_356228744458343_1596952542_n.jpg [2012.08.22 19:33:22 | 000,002,420 | ---- | M] () -- C:\Users\saturn\Desktop\Google Chrome.lnk [2012.08.16 21:06:24 | 000,294,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.10 23:49:09 | 000,031,530 | ---- | M] () -- C:\Users\saturn\Desktop\427221_430599956982139_1143617147_n.jpg [2012.08.10 19:18:16 | 000,000,199 | ---- | M] () -- C:\Users\saturn\Desktop\guteschheeinneee.rtf [2012.08.08 21:08:50 | 000,039,179 | ---- | M] () -- C:\Users\saturn\Desktop\376234_414643878585881_1521063534_n.jpg [2012.08.08 20:58:54 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.06 12:05:50 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.06 12:05:50 | 000,002,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.03 14:49:21 | 000,028,740 | ---- | M] () -- C:\Users\saturn\Desktop\418572_305202276243594_321663588_n.jpg [2012.08.02 16:43:36 | 000,036,432 | ---- | M] () -- C:\Users\saturn\Desktop\403851_10150981963967509_502008573_n.jpg [2012.08.02 02:18:47 | 000,033,961 | ---- | M] () -- C:\Users\saturn\Desktop\391238_10152027841325190_1023298352_n.jpg [2012.08.02 00:14:07 | 000,000,857 | ---- | M] () -- C:\Windows\unins000.dat [2012.08.02 00:14:04 | 000,695,578 | ---- | M] () -- C:\Windows\unins000.exe [2012.08.01 20:46:51 | 000,000,202 | ---- | M] () -- C:\Users\saturn\Desktop\roland...rtf [2012.08.01 11:44:38 | 000,023,709 | ---- | M] () -- C:\Users\saturn\Desktop\539014_333697686712084_271076204_n.jpg [2012.08.01 11:18:19 | 000,053,201 | ---- | M] () -- C:\Users\saturn\Desktop\483330_10151055869764870_854887321_n.jpg [2012.08.01 01:01:58 | 000,087,761 | ---- | M] () -- C:\Users\saturn\Desktop\480380_472900902721283_1402432126_n.jpg [2 C:\Users\saturn\AppData\Roaming\*.tmp files -> C:\Users\saturn\AppData\Roaming\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 20:46:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012.08.30 20:46:30 | 000,001,889 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.30 17:31:12 | 000,198,288 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\AcroIEHelpe204.dll [2012.08.30 17:31:12 | 000,007,424 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe204.dll [2012.08.29 23:48:42 | 000,006,400 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe.dll [2012.08.29 23:48:22 | 000,000,016 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\blckdom.res [2012.08.26 17:47:10 | 000,001,070 | ---- | C] () -- C:\Users\saturn\Desktop\Proje Öneri.rtf [2012.08.24 19:57:14 | 000,051,500 | ---- | C] () -- C:\Users\saturn\Desktop\402917_356228744458343_1596952542_n.jpg [2012.08.10 23:49:08 | 000,031,530 | ---- | C] () -- C:\Users\saturn\Desktop\427221_430599956982139_1143617147_n.jpg [2012.08.10 19:18:16 | 000,000,199 | ---- | C] () -- C:\Users\saturn\Desktop\guteschheeinneee.rtf [2012.08.08 21:08:47 | 000,039,179 | ---- | C] () -- C:\Users\saturn\Desktop\376234_414643878585881_1521063534_n.jpg [2012.08.05 02:25:51 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.05 02:25:51 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.03 14:49:20 | 000,028,740 | ---- | C] () -- C:\Users\saturn\Desktop\418572_305202276243594_321663588_n.jpg [2012.08.02 16:43:35 | 000,036,432 | ---- | C] () -- C:\Users\saturn\Desktop\403851_10150981963967509_502008573_n.jpg [2012.08.02 02:18:47 | 000,033,961 | ---- | C] () -- C:\Users\saturn\Desktop\391238_10152027841325190_1023298352_n.jpg [2012.08.02 00:14:06 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2012.08.02 00:14:06 | 000,000,857 | ---- | C] () -- C:\Windows\unins000.dat [2012.08.01 20:46:50 | 000,000,202 | ---- | C] () -- C:\Users\saturn\Desktop\roland...rtf [2012.08.01 11:44:37 | 000,023,709 | ---- | C] () -- C:\Users\saturn\Desktop\539014_333697686712084_271076204_n.jpg [2012.08.01 11:18:14 | 000,053,201 | ---- | C] () -- C:\Users\saturn\Desktop\483330_10151055869764870_854887321_n.jpg [2012.08.01 01:01:56 | 000,087,761 | ---- | C] () -- C:\Users\saturn\Desktop\480380_472900902721283_1402432126_n.jpg [2011.10.13 17:18:45 | 000,197,043 | ---- | C] () -- C:\Windows\hpwins27.dat [2011.10.13 16:55:29 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp [2011.06.02 21:53:21 | 000,000,068 | ---- | C] () -- C:\Windows\System32\enbseries.ini [2011.02.19 21:29:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.01.07 22:02:33 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.23 22:06:10 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\saturn\AppData\Roaming\appConf32.exe ========== LOP Check ========== [2012.07.04 15:37:04 | 000,000,000 | ---D | M] -- C:\Users\ersatz\AppData\Roaming\SoftGrid Client [2011.05.17 10:52:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Babylon [2012.07.28 15:26:37 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MAGIX [2011.10.23 19:07:39 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\SoftGrid Client [2012.08.29 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\14001.018 [2012.08.30 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\15001.001 [2012.01.06 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\2K Sports [2012.03.03 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Babylon [2011.04.24 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Blender Foundation [2012.08.30 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\BrowserCompanion [2011.07.28 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\DVDVideoSoft [2011.07.28 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.02 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Flatcast [2011.01.03 01:02:30 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\ICQ [2010.11.13 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\IrfanView [2012.08.29 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\kock [2011.01.28 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Leadertech [2011.02.19 21:45:00 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\MAGIX [2012.03.03 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Media Finder [2011.10.21 20:11:18 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\MusicNet [2012.08.19 02:45:26 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\SoftGrid Client [2011.03.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Sony [2011.03.20 15:03:05 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Sony Setup [2010.11.12 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\TP [2012.08.30 01:00:16 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\UAs [2010.11.03 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Uniblue [2011.03.11 00:59:31 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Windows Live Writer [2012.08.30 01:01:08 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\xmldm [2012.08.29 23:28:00 | 000,001,120 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.30 20:28:00 | 000,001,142 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.07.11 17:42:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
30.08.2012, 20:12
| #2 |
| | GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt." OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 30.08.2012 21:03:29 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Gast\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,58% Memory free 5,98 Gb Paging File | 4,77 Gb Available in Paging File | 79,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 706,04 Gb Free Space | 78,41% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 22,02 Gb Free Space | 73,41% Space Free | Partition Type: NTFS Drive E: | 6,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 232,88 Gb Total Space | 198,50 Gb Free Space | 85,23% Space Free | Partition Type: NTFS Computer Name: SATURN-PC | User Name: saturn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Gast\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (cpuz132) -- C:\Users\saturn\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b21b691e0000000000006c626d568a37&tlver=1.4.19.19&ss=1&affID=17395 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1465593394-840541334-2811811331-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?hp=df" FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties" FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\saturn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\saturn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\saturn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\saturn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.13 17:24:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.11 17:51:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 00:41:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.14 21:35:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.13 17:24:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\saturn\AppData\Roaming\15001.001 [2012.08.30 17:31:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 00:41:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.14 21:35:19 | 000,000,000 | ---D | M] [2011.10.21 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Extensions [2012.08.21 23:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions [2012.07.29 23:38:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.08.21 23:35:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.26 14:42:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.12 19:40:17 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\bbrs_002@blabbers.com [2011.08.18 11:08:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\ffxtlbr@babylon.com [2012.03.27 20:26:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\saturn\AppData\Roaming\mozilla\Firefox\Profiles\o99hlbyo.default\extensions\vshare@toolbar [2012.03.28 17:36:16 | 000,002,404 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\askcom.xml [2011.07.23 23:14:05 | 000,002,023 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\badoo.xml [2010.11.29 23:06:08 | 000,001,832 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\bing.xml [2010.11.26 21:34:12 | 000,000,873 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\conduit.xml [2012.08.28 23:02:19 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-1.xml [2011.09.06 20:19:34 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-10.xml [2011.09.07 20:47:16 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-11.xml [2011.09.27 21:47:46 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-12.xml [2011.10.03 12:46:41 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-13.xml [2011.11.08 18:55:12 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-14.xml [2011.11.10 23:59:21 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-15.xml [2011.11.30 22:10:47 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-16.xml [2012.01.04 17:20:09 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-17.xml [2012.01.04 21:52:23 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-18.xml [2012.02.01 20:25:27 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-19.xml [2011.03.24 17:00:29 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-2.xml [2012.02.13 19:21:45 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-20.xml [2012.02.19 16:23:43 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-21.xml [2011.04.21 18:40:32 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-3.xml [2011.05.14 09:17:55 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-4.xml [2011.06.28 19:45:36 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-5.xml [2011.07.03 14:31:14 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-6.xml [2011.08.16 20:02:32 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-7.xml [2011.08.17 13:05:22 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-8.xml [2011.08.19 17:26:23 | 000,000,950 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin-9.xml [2011.03.05 18:47:43 | 000,001,056 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\icqplugin.xml [2011.10.21 20:11:20 | 000,002,516 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\SearchResults.xml [2012.01.07 18:51:20 | 000,000,792 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\startsear.xml [2010.11.13 20:18:18 | 000,003,915 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\sweetim.xml [2012.03.27 20:27:00 | 000,001,565 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\o99hlbyo.default\searchplugins\web-search.xml [2012.08.08 20:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.30 00:41:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2011.10.27 15:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.03 15:28:38 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 00:41:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.21 20:11:20 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b21b691e0000000000006c626d568a37&tlver=1.4.19.19&ss=1&affID=17395 CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: LiveVDO plug-in (Enabled) = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll CHR - plugin: LiveVDO plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\saturn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\saturn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Browser Companion Helper = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: General Crawler = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\ CHR - Extension: LiveVDO plugin = C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\saturn\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-1465593394-840541334-2811811331-501\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe (Badoo) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Facebook Update] C:\Users\saturn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000..\Run: [Userinit] C:\Users\saturn\AppData\Roaming\appConf32.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\saturn\AppData\Roaming\BrowserCompanion\tcbhn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1465593394-840541334-2811811331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA324995-E6B1-43EE-83D6-9FB83E2B28FF}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.08.11 04:04:53 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{7dcb8fca-b755-11df-8a77-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7dcb8fca-b755-11df-8a77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{8764202b-f88c-11df-9981-6c626d568a37}\Shell - "" = AutoRun O33 - MountPoints2\{8764202b-f88c-11df-9981-6c626d568a37}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011.08.11 04:04:53 | 000,247,696 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 17:31:02 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\15001.001 [2012.08.30 17:30:57 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0E613BF5-99C9-4D6E-A5C7-3C8A8B726A3D} [2012.08.30 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\UAs [2012.08.29 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\14001.018 [2012.08.29 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\xmldm [2012.08.29 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\kock [2012.08.29 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{45BB5B7B-E517-4DE1-B97C-2113FF6565FD} [2012.08.28 17:00:19 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{492AFC1D-F7EA-4C50-AD17-96FF644062A4} [2012.08.27 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CA3BA918-9967-4BEB-AC71-4E551A916D6E} [2012.08.26 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{595F87C4-CE04-495F-A742-933539E126DD} [2012.08.25 12:54:04 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{10B71342-4939-43A0-B43A-A5DE9F83CB6A} [2012.08.24 16:24:36 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CE456119-6ED6-40A8-B873-129C003FEC3D} [2012.08.23 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{47A621AC-9D43-4815-B1EA-AA7EAAE4F1D4} [2012.08.22 19:32:30 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{7B3EC23A-8DFC-4A4A-91E4-C50C08F4B53E} [2012.08.21 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A6A5751B-EDD0-4473-99CA-0BCA1E49CC6F} [2012.08.20 19:12:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{FB55A9D2-4535-455C-8D6A-81BCE37E845A} [2012.08.19 23:12:06 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{772247CC-347D-4A4B-8C3D-F2F57351FC10} [2012.08.19 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{765B961C-8A74-46D1-AF32-49E2138CF330} [2012.08.18 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{8EB45775-62D9-4E3D-8536-B530E9D271A3} [2012.08.18 15:01:05 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{4E250644-FF84-4FC0-B140-6072D21D4EA8} [2012.08.17 19:16:56 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{6B20B3AD-F018-4910-84CA-2CE8308FF140} [2012.08.17 19:16:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A50BC3C0-D090-4CA1-AE30-38897D6EB7D2} [2012.08.16 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{29C8D437-6D6C-41DB-A834-039FDD854B24} [2012.08.16 21:07:27 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0EC0876F-DF9A-4FF0-951B-B9C18B42F89C} [2012.08.16 00:58:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 00:58:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 00:58:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 00:58:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 00:58:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 00:58:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 00:58:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.15 19:35:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.15 19:35:11 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 19:35:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.08.15 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{038C2AF4-8050-4912-9929-C48518C61082} [2012.08.15 19:30:52 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{27DDCD14-C4B8-4F94-B5EE-7F77778594C6} [2012.08.14 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{16A5F277-9259-4574-A3BD-2A10BA621E82} [2012.08.14 21:33:34 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B142047A-458F-4F25-ADEA-0594D24DA7BC} [2012.08.13 19:50:15 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{F7B3D38D-B975-4419-87EE-91E7C04E08A8} [2012.08.13 19:50:04 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CCE40081-5E7B-4CA2-9E82-E6C2B9F313C5} [2012.08.12 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{772246A7-022E-4A9F-9165-0AAE985FE8FF} [2012.08.12 14:12:42 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{9B454AB5-56E1-48C9-8949-197DA9A6B532} [2012.08.12 01:44:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{42997C90-7669-4C55-B7C4-B3710B595E6E} [2012.08.12 01:44:01 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{CE4C7301-81FF-45BD-BE9D-8C5D0085B081} [2012.08.11 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{0CEAC16A-9DA8-4AC6-8DE9-404C9DDEBED0} [2012.08.11 13:43:33 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{1C5B8746-3B61-4407-9249-E17F3B07DC64} [2012.08.10 18:50:36 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{5F40EABF-E76B-4C1A-8BF6-1CED8AA475C7} [2012.08.10 18:50:25 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{BAD4AA54-CBFB-418C-8957-258233097489} [2012.08.09 19:31:54 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{5B81B170-3930-4301-85F9-DE68E90CAAFD} [2012.08.09 19:31:43 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E86DF26B-BADC-4DA2-8F76-1CC244D7D34C} [2012.08.08 18:15:54 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{2B7B849D-F92E-4ED8-B8B9-E5E56DCFEA4F} [2012.08.08 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B3BEC570-DC82-442C-B5E1-145C20447BFE} [2012.08.07 21:04:33 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{79DC4DC9-E89C-4F3E-B583-ED99F440D1A7} [2012.08.07 21:04:22 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{97CA0DE8-91E7-48A0-89D3-D16D5642760B} [2012.08.06 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{A300A314-AD98-43CB-92AF-E1A4638D960A} [2012.08.06 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{BC4460E8-010B-4B14-9A90-DBC782BF4D40} [2012.08.06 12:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.08.05 13:54:40 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{9B45BE82-0D7C-4F4C-9499-8436EDD29066} [2012.08.05 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{B615AE2A-E68C-4624-9473-4F450A987889} [2012.08.05 02:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.08.05 02:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.08.04 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{2190359B-7AE7-4ABA-9201-0D55FEEEFAF7} [2012.08.04 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{4985FE69-424C-4812-916F-991004FBB926} [2012.08.03 12:09:23 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{EB127C51-FB0D-49B2-B712-F8A9615553B9} [2012.08.03 12:09:12 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{46E7C127-ECF3-4776-9992-2B2031CA3C4D} [2012.08.02 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E6382E74-5F61-4DA7-A12C-8B74402B3755} [2012.08.02 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{E8646B3D-125D-49B3-946E-BF82FE39E07D} [2012.08.02 00:32:19 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{79FF3F25-F8F2-4439-BFF2-F92523D36FA6} [2012.08.02 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Roaming\Flatcast [2012.08.01 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{78312348-3EB3-4617-8988-0C3799B6F53C} [2012.08.01 12:31:21 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{6CAFECB4-7237-495D-8FD7-95E01998995B} [2012.08.01 00:30:56 | 000,000,000 | ---D | C] -- C:\Users\saturn\AppData\Local\{28077E05-C484-47EE-902B-36FCE1222BD8} [2 C:\Users\saturn\AppData\Roaming\*.tmp files -> C:\Users\saturn\AppData\Roaming\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.30 21:03:40 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.08.30 20:57:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.08.30 20:57:42 | 000,000,016 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\blckdom.res [2012.08.30 20:46:30 | 000,001,889 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.30 20:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 20:28:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.08.30 18:42:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 18:42:20 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 17:31:12 | 000,198,288 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\AcroIEHelpe204.dll [2012.08.30 17:31:12 | 000,007,424 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe204.dll [2012.08.30 17:24:10 | 006,746,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.30 17:24:10 | 002,105,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 17:24:10 | 002,027,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.30 17:24:10 | 001,741,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.30 17:19:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 17:19:50 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.08.29 23:48:42 | 000,006,400 | ---- | M] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe.dll [2012.08.29 23:28:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.28 17:00:56 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.28 17:00:56 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.26 18:19:42 | 000,001,070 | ---- | M] () -- C:\Users\saturn\Desktop\Proje Öneri.rtf [2012.08.26 15:03:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.24 19:57:15 | 000,051,500 | ---- | M] () -- C:\Users\saturn\Desktop\402917_356228744458343_1596952542_n.jpg [2012.08.22 19:33:22 | 000,002,420 | ---- | M] () -- C:\Users\saturn\Desktop\Google Chrome.lnk [2012.08.16 21:06:24 | 000,294,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.10 23:49:09 | 000,031,530 | ---- | M] () -- C:\Users\saturn\Desktop\427221_430599956982139_1143617147_n.jpg [2012.08.10 19:18:16 | 000,000,199 | ---- | M] () -- C:\Users\saturn\Desktop\guteschheeinneee.rtf [2012.08.08 21:08:50 | 000,039,179 | ---- | M] () -- C:\Users\saturn\Desktop\376234_414643878585881_1521063534_n.jpg [2012.08.08 20:58:54 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.06 12:05:50 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.06 12:05:50 | 000,002,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.03 14:49:21 | 000,028,740 | ---- | M] () -- C:\Users\saturn\Desktop\418572_305202276243594_321663588_n.jpg [2012.08.02 16:43:36 | 000,036,432 | ---- | M] () -- C:\Users\saturn\Desktop\403851_10150981963967509_502008573_n.jpg [2012.08.02 02:18:47 | 000,033,961 | ---- | M] () -- C:\Users\saturn\Desktop\391238_10152027841325190_1023298352_n.jpg [2012.08.02 00:14:07 | 000,000,857 | ---- | M] () -- C:\Windows\unins000.dat [2012.08.02 00:14:04 | 000,695,578 | ---- | M] () -- C:\Windows\unins000.exe [2012.08.01 20:46:51 | 000,000,202 | ---- | M] () -- C:\Users\saturn\Desktop\roland...rtf [2012.08.01 11:44:38 | 000,023,709 | ---- | M] () -- C:\Users\saturn\Desktop\539014_333697686712084_271076204_n.jpg [2012.08.01 11:18:19 | 000,053,201 | ---- | M] () -- C:\Users\saturn\Desktop\483330_10151055869764870_854887321_n.jpg [2012.08.01 01:01:58 | 000,087,761 | ---- | M] () -- C:\Users\saturn\Desktop\480380_472900902721283_1402432126_n.jpg [2 C:\Users\saturn\AppData\Roaming\*.tmp files -> C:\Users\saturn\AppData\Roaming\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 20:46:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012.08.30 20:46:30 | 000,001,889 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.30 17:31:12 | 000,198,288 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\AcroIEHelpe204.dll [2012.08.30 17:31:12 | 000,007,424 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe204.dll [2012.08.29 23:48:42 | 000,006,400 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\BAcroIEHelpe.dll [2012.08.29 23:48:22 | 000,000,016 | ---- | C] () -- C:\Users\saturn\AppData\Roaming\blckdom.res [2012.08.26 17:47:10 | 000,001,070 | ---- | C] () -- C:\Users\saturn\Desktop\Proje Öneri.rtf [2012.08.24 19:57:14 | 000,051,500 | ---- | C] () -- C:\Users\saturn\Desktop\402917_356228744458343_1596952542_n.jpg [2012.08.10 23:49:08 | 000,031,530 | ---- | C] () -- C:\Users\saturn\Desktop\427221_430599956982139_1143617147_n.jpg [2012.08.10 19:18:16 | 000,000,199 | ---- | C] () -- C:\Users\saturn\Desktop\guteschheeinneee.rtf [2012.08.08 21:08:47 | 000,039,179 | ---- | C] () -- C:\Users\saturn\Desktop\376234_414643878585881_1521063534_n.jpg [2012.08.05 02:25:51 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.05 02:25:51 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.08.03 14:49:20 | 000,028,740 | ---- | C] () -- C:\Users\saturn\Desktop\418572_305202276243594_321663588_n.jpg [2012.08.02 16:43:35 | 000,036,432 | ---- | C] () -- C:\Users\saturn\Desktop\403851_10150981963967509_502008573_n.jpg [2012.08.02 02:18:47 | 000,033,961 | ---- | C] () -- C:\Users\saturn\Desktop\391238_10152027841325190_1023298352_n.jpg [2012.08.02 00:14:06 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2012.08.02 00:14:06 | 000,000,857 | ---- | C] () -- C:\Windows\unins000.dat [2012.08.01 20:46:50 | 000,000,202 | ---- | C] () -- C:\Users\saturn\Desktop\roland...rtf [2012.08.01 11:44:37 | 000,023,709 | ---- | C] () -- C:\Users\saturn\Desktop\539014_333697686712084_271076204_n.jpg [2012.08.01 11:18:14 | 000,053,201 | ---- | C] () -- C:\Users\saturn\Desktop\483330_10151055869764870_854887321_n.jpg [2012.08.01 01:01:56 | 000,087,761 | ---- | C] () -- C:\Users\saturn\Desktop\480380_472900902721283_1402432126_n.jpg [2011.10.13 17:18:45 | 000,197,043 | ---- | C] () -- C:\Windows\hpwins27.dat [2011.10.13 16:55:29 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp [2011.06.02 21:53:21 | 000,000,068 | ---- | C] () -- C:\Windows\System32\enbseries.ini [2011.02.19 21:29:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.01.07 22:02:33 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat [2010.12.23 22:06:10 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\saturn\AppData\Roaming\appConf32.exe ========== LOP Check ========== [2012.07.04 15:37:04 | 000,000,000 | ---D | M] -- C:\Users\ersatz\AppData\Roaming\SoftGrid Client [2011.05.17 10:52:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Babylon [2012.07.28 15:26:37 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\MAGIX [2011.10.23 19:07:39 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\SoftGrid Client [2012.08.29 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\14001.018 [2012.08.30 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\15001.001 [2012.01.06 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\2K Sports [2012.03.03 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Babylon [2011.04.24 00:12:27 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Blender Foundation [2012.08.30 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\BrowserCompanion [2011.07.28 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\DVDVideoSoft [2011.07.28 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.02 00:14:06 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Flatcast [2011.01.03 01:02:30 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\ICQ [2010.11.13 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\IrfanView [2012.08.29 23:48:10 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\kock [2011.01.28 18:59:58 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Leadertech [2011.02.19 21:45:00 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\MAGIX [2012.03.03 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Media Finder [2011.10.21 20:11:18 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\MusicNet [2012.08.19 02:45:26 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\SoftGrid Client [2011.03.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Sony [2011.03.20 15:03:05 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Sony Setup [2010.11.12 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\TP [2012.08.30 01:00:16 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\UAs [2010.11.03 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Uniblue [2011.03.11 00:59:31 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\Windows Live Writer [2012.08.30 01:01:08 | 000,000,000 | ---D | M] -- C:\Users\saturn\AppData\Roaming\xmldm [2012.08.29 23:28:00 | 000,001,120 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000Core.job [2012.08.30 20:28:00 | 000,001,142 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1465593394-840541334-2811811331-1000UA.job [2012.07.11 17:42:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > wo finde ich die "extra" datei ? oder können sie mir einfach schreiben welche schritte zutun ist..? |
|
01.09.2012, 14:12
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt." Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Linear-Darstellung
