
Log analysis and evaluation: Internet keeps getting slowed down? Backdoor.Agent.DCGen found


02.02.2013, 12:52   #1
oguzhan002
 



Hello community,

3-4 weeks ago I was surfing without trouble and had no problems.
But this week I noticed that something is wrong with my Internet.

My Internet keeps getting slowed down for 2-4 seconds.
Then it works again, then it gets slowed down again.
I don't know what is causing this.
I checked the FritzBox to see whether it comes from there, but found nothing.

My laptop is very fast (the hard disk was formatted just 4 days ago) and the Internet speed is also very fast (DSL 16,000), but it just keeps getting slowed down.
Yesterday I ran a full scan with Malwarebytes and it found something.

Namely Backdoor.Agent.DCGen, RegistryValue;
(HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32)

I ran scans with OTL, Malwarebytes and HijackThis.

I also uninstalled Java 7 Update 11 and disabled all Java plugins.
I now only have the Java 7 Update 10 (64-bit) version.

HijackThis, Malwarebytes and OTL logs are attached.
(The OTL text was over 188 KB, so I could not upload it as a LOG file. That is why I packed it as a RAR.

That was already the minimal output; that is why it is packed as a RAR.)

What should I do? :/
Attached files
File type: txt mbam-log-2013-02-02 (11-48-27).txt (2.1 KB, viewed 141 times)
File type: log hijackthis.log (14.5 KB, viewed 133 times)
File type: txt Extras.Txt (66.6 KB, viewed 168 times)

Edited by oguzhan002 (02.02.2013 at 13:20)

02.02.2013, 16:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 





Quote:
Yesterday I ran a full scan with Malwarebytes and it found something.
Fine, and where are the logs for that?
You only posted an MBAM log with no detections; how is that supposed to contain any relevant information?

Information like that is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

02.02.2013, 17:28   #3
oguzhan002
 



Yes, because this backdoor trojan is in quarantine; that is why nothing can be found in the logs.

OTL
Code:
OTL logfile created on: 02.02.2013 13:40:33 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 43,93% Memory free
7,99 Gb Paging File | 5,33 Gb Available in Paging File | 66,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 378,04 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive F: | 7,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Windows\SysWOW64\bmon.exe ()
PRC - C:\Windows\SysWOW64\sasvc.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2fde951bac2fe8259fd13df4f05e4023\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\Program Files (x86)\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (GFilterSvc) -- C:\Windows\SysNative\GFilterSvc.exe ()
SRV:64bit: - (prevhpst) -- C:\Windows\SysNative\L2SecHCd.exe ()
SRV - (MCMUv2) -- C:\Windows\SysWOW64\bmon.exe ()
SRV - (SABBv1b) -- C:\Windows\SysWOW64\sasvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2.exe (LogMeIn Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MsgPlusDriver) -- C:\Windows\SysNative\drivers\MsgPlusDriver.sys (Yune Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AR5416) -- C:\Windows\SysNative\drivers\athwx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (SLEE_18_DRIVER) -- C:\Windows\SleeN1864.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DritekPortIO) -- C:\PROGRA~2\LAUNCH~1\DPortIO.sys (Dritek System Inc.)
DRV - (Winsock) -- C:\Windows\SysWow64\WINSOCK.SRG ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0Dzy0C0FtAtAtAyB0AtA0CtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=866207549
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 BB 6D 72 FB AD CD 01  [binary data]
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
 
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\*****\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.01 17:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.01 17:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.01 17:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.01 17:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.01 17:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 01:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.17 19:00:08 | 000,000,000 | ---D | M]
 
[2012.10.18 21:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.02.01 11:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\gpvu8bv2.default-1352417479729\extensions
[2013.01.13 02:41:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\gpvu8bv2.default-1352417479729\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.17 17:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions
[2012.11.05 21:54:55 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2013.01.17 17:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\txn8x6g4.default\extensions\plugin@yontoo.com
[2012.12.13 16:09:22 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\firebug@software.joehewitt.com.xpi
[2013.01.18 20:25:45 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.01 11:58:19 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.13 02:43:46 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2013.01.15 14:39:32 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.02.01 11:58:21 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.16 23:05:18 | 000,002,413 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\askcom.xml
[2012.12.11 13:18:58 | 000,003,576 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\Google.xml
[2012.12.09 02:19:40 | 000,003,983 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\sweetim.xml
[2012.12.19 17:21:51 | 000,001,044 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\gpvu8bv2.default-1352417479729\searchplugins\winload-customized-web-search.xml
[2013.01.20 01:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.20 06:26:19 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Stylish = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Stylish = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.14 17:27:02 | 000,444,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\User\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\*****\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [AVMUSBFernanschluss] C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\Run: [Facebook Update] "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk =  File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3461211073-1526684044-2221221769-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.09 20:28:18 | 000,231,518 | R--- | M] () - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2010.02.11 04:05:02 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.02 12:07:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.01 23:21:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Fable3+13Tr-LinGon
[2013.02.01 16:49:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Fable 3
[2013.02.01 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.02.01 16:14:30 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.02.01 16:00:07 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.02.01 15:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.02.01 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.02.01 15:57:00 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.01 15:57:00 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.02.01 12:00:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.31 20:36:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.31 20:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.31 20:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.31 19:02:59 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.01.31 19:02:59 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.01.31 19:02:59 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.01.31 19:02:59 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.01.31 19:02:59 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.01.31 18:59:58 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013.01.31 18:59:58 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.01.31 18:59:58 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.01.31 18:59:56 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.01.31 18:59:56 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.01.31 18:59:56 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.01.31 18:59:56 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.01.31 18:59:56 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.01.31 18:59:56 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.01.31 18:59:56 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.01.31 18:59:56 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.01.31 18:59:56 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.01.31 18:59:56 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.01.31 18:59:56 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.01.31 18:59:56 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.01.31 18:59:56 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.01.31 18:59:56 | 002,824,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.01.31 18:59:56 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.01.31 18:59:56 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.01.31 18:59:56 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.01.31 18:59:56 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.01.31 18:59:56 | 001,813,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013.01.31 18:59:56 | 001,504,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013.01.20 06:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.01.20 03:30:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2013.01.20 03:00:13 | 000,116,480 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys
[2013.01.20 02:59:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps
[2013.01.20 02:59:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment
[2013.01.20 02:04:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.01.20 01:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013.01.19 23:02:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Tor
[2013.01.19 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Vidalia
[2013.01.19 23:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle
[2013.01.17 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver
[2013.01.17 22:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.17 22:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.17 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\snApp
[2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\obstore
[2013.01.17 21:47:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ext
[2013.01.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FRITZ!
[2013.01.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\FRITZ!
[2013.01.17 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!DSL
[2013.01.17 21:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.17 19:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.15 13:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013.01.15 13:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013.01.15 13:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.01.15 13:40:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TestApp
[2013.01.13 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\TagsRevisited
[2013.01.13 22:24:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cheatbook Database2013
[2013.01.13 22:23:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Cheatbook
[2013.01.13 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MigWiz
[2013.01.11 18:15:26 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.11 18:15:09 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.11 18:15:09 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.11 18:15:09 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.10 00:41:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 00:41:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 00:41:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 00:41:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 00:41:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 00:41:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 00:41:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 00:41:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 00:41:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 00:41:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 00:41:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 00:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 00:41:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 00:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 00:41:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 00:41:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 00:41:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 00:41:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 00:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 00:41:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 00:41:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 00:41:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 00:41:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 00:41:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 00:41:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 00:41:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 00:41:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 00:41:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 00:41:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 00:41:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 00:41:22 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 00:41:22 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 00:41:22 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 00:41:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 00:41:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 00:41:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 00:41:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 00:41:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 00:41:22 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 00:41:22 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 00:41:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 00:41:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 00:41:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 00:41:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 00:41:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 00:41:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 00:41:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 00:41:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 00:41:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 00:40:57 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.10 00:40:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\7road
[2013.01.09 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FileZilla
[2013.01.09 11:39:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.09 11:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.01.07 00:05:55 | 000,000,000 | ---D | C] -- C:\Temp
[2013.01.06 20:25:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Iminent
[2013.01.06 20:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.01.06 20:19:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
[2013.01.04 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\*****\Neuer Ordner
[2013.01.04 22:03:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PlatinumHideIP
[2013.01.04 22:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP
[2013.01.04 20:32:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\eType
[2013.01.04 18:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.04 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.04 18:24:29 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.04 18:24:29 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.01.04 18:24:29 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.01.04 18:24:29 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.01.04 18:24:29 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.01.04 18:24:28 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.04 18:24:28 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.04 18:24:28 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.04 18:24:28 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.04 18:24:21 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.01.04 18:24:20 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.01.04 18:24:20 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.01.04 18:24:20 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.01.04 18:24:20 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.01.04 18:24:19 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.01.04 18:24:19 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.01.04 18:24:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.01.04 18:24:18 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.01.04 18:24:18 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.01.04 18:24:17 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.01.04 18:24:16 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.01.04 18:24:16 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.04 18:24:16 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.04 18:24:16 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.04 18:24:16 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.04 18:24:13 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.01.04 18:24:13 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.01.04 18:24:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.04 18:24:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.04 18:24:12 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.01.04 18:24:12 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.01.04 18:24:12 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.01.04 18:24:11 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.01.04 18:24:11 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.01.04 18:24:11 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.01.04 18:24:08 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.01.04 18:24:08 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.01.04 18:24:07 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.01.04 18:24:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.04 18:24:07 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.04 18:24:06 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.01.04 18:24:06 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.01.04 18:24:06 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.04 18:24:02 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.04 18:24:02 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.01.04 18:24:02 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.01.04 18:24:02 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.01.04 18:24:02 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.01.04 18:24:02 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.01.04 18:24:02 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.01.04 18:24:02 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.01.04 18:24:01 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.01.04 18:24:01 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.01.04 18:24:01 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.01.04 18:24:01 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.01.04 18:24:01 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.01.04 18:24:01 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.01.04 18:24:01 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.01.04 18:24:01 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.01.04 18:24:00 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.01.04 18:23:59 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.01.04 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.04 01:48:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.01.04 01:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2013.01.04 01:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2013.01.03 18:48:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.11.21 17:40:03 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Users\*****\WinRAR.exe
[2012.11.21 17:40:03 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Users\*****\UnRAR.exe
[2012.11.21 17:40:03 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Users\*****\RarExt.dll
[2012.11.21 17:40:03 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Users\*****\RarExt32.dll
[2012.11.21 17:40:02 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Users\*****\Rar.exe
[2012.11.21 17:40:02 | 000,135,168 | ---- | C] (Alexander Roshal) -- C:\Users\*****\Uninstall.exe
[7 C:\Windows\SysWow64\drivers\ext\*.tmp files -> C:\Windows\SysWow64\drivers\ext\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.02 13:38:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 13:35:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000UA.job
[2013.02.02 12:53:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004UA.job
[2013.02.02 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.02 11:51:21 | 000,000,770 | ---- | M] () -- C:\Users\*****\Desktop\Demon Slayer - Anmeldeclient.lnk
[2013.02.02 11:38:45 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 11:38:45 | 000,022,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 11:32:44 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.02 11:32:37 | 000,004,872 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg
[2013.02.02 11:31:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.02 11:31:10 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.02 06:00:48 | 000,004,872 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg.old
[2013.02.01 19:35:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000Core.job
[2013.02.01 19:29:14 | 000,000,456 | ---- | M] () -- C:\Users\*****\Desktop\Drahtlosnetzwerkverbindung - Verknüpfung.lnk
[2013.02.01 19:21:49 | 000,001,352 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg
[2013.02.01 19:21:49 | 000,000,280 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg
[2013.02.01 18:53:03 | 000,007,599 | ---- | M] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2013.02.01 17:41:32 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.02.01 17:41:31 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.01 16:55:27 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.01 16:14:53 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.01 14:24:57 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.01 11:42:43 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.01 11:42:43 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.01 11:42:43 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.01 11:42:43 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.01 11:42:43 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 22:25:51 | 000,000,280 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg.old
[2013.01.31 22:25:50 | 000,001,112 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg.old
[2013.01.20 03:53:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004Core.job
[2013.01.20 03:00:02 | 000,116,480 | ---- | M] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys
[2013.01.20 01:36:23 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.17 21:48:03 | 000,220,928 | ---- | M] () -- C:\Windows\SysWow64\bmon.exe
[2013.01.17 21:47:57 | 000,981,130 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5460680952.cfg
[2013.01.17 21:47:57 | 000,210,176 | ---- | M] () -- C:\Windows\SysWow64\sasvc.exe
[2013.01.17 21:47:55 | 000,034,099 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp5129300737.cfg
[2013.01.17 21:47:54 | 000,002,637 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp3866038127.cfg
[2013.01.17 21:47:53 | 000,113,573 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp310869315.cfg
[2013.01.17 21:47:53 | 000,006,446 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp2719844686.cfg
[2013.01.17 21:47:51 | 000,134,112 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp23393047594.cfg
[2013.01.17 21:47:50 | 000,000,840 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp167013990385.cfg
[2013.01.17 21:47:50 | 000,000,640 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp6277024184.cfg
[2013.01.17 21:47:50 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp3297547218.cfg
[2013.01.17 21:47:50 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\drivers\ext\tmp4832236295.cfg
[2013.01.17 21:32:15 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.17 19:29:47 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.12 12:42:39 | 000,002,291 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2013.01.12 03:49:02 | 000,001,319 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.01.12 03:30:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.12 03:30:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.11 18:14:53 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.11 18:14:53 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.11 18:14:53 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.11 18:14:53 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.11 18:14:52 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.11 18:14:52 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.01.10 01:51:38 | 000,464,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 01:02:11 | 001,599,202 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.08 22:53:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.08 22:53:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.07 23:41:10 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.05 01:25:09 | 000,287,772 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_25_08.805906.dmp
[2013.01.05 01:09:03 | 000,280,500 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_09_02.558640.dmp
[2013.01.05 01:08:18 | 000,281,524 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_08_17.684073.dmp
[2013.01.05 00:59:44 | 000,280,772 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_44.316710.dmp
[2013.01.05 00:59:15 | 000,290,247 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_15.484061.dmp
[2013.01.05 00:20:39 | 000,290,107 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_20_36.210406.dmp
[2013.01.04 20:26:59 | 000,287,295 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-04 20_26_58.466637.dmp
[2013.01.04 01:48:24 | 000,002,284 | ---- | M] () -- C:\Users\*****\Desktop\MorphVOX Pro.lnk
[2013.01.03 22:33:12 | 000,000,078 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan
[7 C:\Windows\SysWow64\drivers\ext\*.tmp files -> C:\Windows\SysWow64\drivers\ext\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.01 19:29:14 | 000,000,456 | ---- | C] () -- C:\Users\*****\Desktop\Drahtlosnetzwerkverbindung - Verknüpfung.lnk
[2013.02.01 16:21:12 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.01.31 18:59:56 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.17 21:48:03 | 000,220,928 | ---- | C] () -- C:\Windows\SysWow64\bmon.exe
[2013.01.17 21:47:57 | 000,210,176 | ---- | C] () -- C:\Windows\SysWow64\sasvc.exe
[2013.01.17 21:47:56 | 000,981,130 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5460680952.cfg
[2013.01.17 21:47:55 | 000,034,099 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5129300737.cfg
[2013.01.17 21:47:54 | 000,002,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp3866038127.cfg
[2013.01.17 21:47:53 | 000,113,573 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp310869315.cfg
[2013.01.17 21:47:53 | 000,006,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp2719844686.cfg
[2013.01.17 21:47:51 | 000,134,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp23393047594.cfg
[2013.01.17 21:47:51 | 000,004,872 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg.old
[2013.01.17 21:47:51 | 000,004,872 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp5622617008.cfg
[2013.01.17 21:47:51 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg.old
[2013.01.17 21:47:51 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp9851225802.cfg
[2013.01.17 21:47:50 | 000,001,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg
[2013.01.17 21:47:50 | 000,001,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4612141731.cfg.old
[2013.01.17 21:47:50 | 000,000,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp167013990385.cfg
[2013.01.17 21:47:50 | 000,000,640 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp6277024184.cfg
[2013.01.17 21:47:50 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp3297547218.cfg
[2013.01.17 21:47:50 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\ext\tmp4832236295.cfg
[2013.01.17 19:29:47 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.12 19:30:53 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000UA.job
[2013.01.12 19:30:52 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1000Core.job
[2013.01.12 03:48:51 | 000,001,319 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.01.12 03:48:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004UA.job
[2013.01.12 03:48:30 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3461211073-1526684044-2221221769-1004Core.job
[2013.01.09 13:24:11 | 000,000,770 | ---- | C] () -- C:\Users\*****\Desktop\Demon Slayer - Anmeldeclient.lnk
[2013.01.06 20:24:17 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.01.05 01:25:08 | 000,287,772 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_25_08.805906.dmp
[2013.01.05 01:09:02 | 000,280,500 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_09_02.558640.dmp
[2013.01.05 01:08:17 | 000,281,524 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 01_08_17.684073.dmp
[2013.01.05 00:59:44 | 000,280,772 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_44.316710.dmp
[2013.01.05 00:59:15 | 000,290,247 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_59_15.484061.dmp
[2013.01.05 00:20:36 | 000,290,107 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-05 00_20_36.210406.dmp
[2013.01.04 20:26:58 | 000,287,295 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-04 20_26_58.466637.dmp
[2013.01.04 18:24:13 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.04 01:48:24 | 000,002,284 | ---- | C] () -- C:\Users\*****\Desktop\MorphVOX Pro.lnk
[2013.01.03 22:33:12 | 000,000,078 | ---- | C] () -- C:\Users\*****\AppData\Roaming\mbam.context.scan
[2012.11.23 22:26:12 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.11.23 22:26:11 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.11.23 22:26:11 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.23 22:26:11 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.11.23 20:55:14 | 000,003,584 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.21 17:40:14 | 000,000,022 | ---- | C] () -- C:\Users\*****\zipnew.dat
[2012.11.21 17:40:14 | 000,000,020 | ---- | C] () -- C:\Users\*****\rarnew.dat
[2012.11.21 17:40:06 | 000,337,657 | ---- | C] () -- C:\Users\*****\WinRAR.chm
[2012.11.21 17:40:06 | 000,109,824 | ---- | C] () -- C:\Users\*****\Zip64.SFX
[2012.11.21 17:40:06 | 000,103,180 | ---- | C] () -- C:\Users\*****\winrar.lng
[2012.11.21 17:40:06 | 000,082,944 | ---- | C] () -- C:\Users\*****\Zip.SFX
[2012.11.21 17:40:06 | 000,038,566 | ---- | C] () -- C:\Users\*****\rar.lng
[2012.11.21 17:40:06 | 000,008,028 | ---- | C] () -- C:\Users\*****\uninstall.lng
[2012.11.21 17:40:06 | 000,003,584 | ---- | C] () -- C:\Users\*****\rarext.lng
[2012.11.21 17:40:05 | 000,106,448 | ---- | C] () -- C:\Users\*****\WinCon64.SFX
[2012.11.21 17:40:04 | 000,140,032 | ---- | C] () -- C:\Users\*****\Default64.SFX
[2012.11.21 17:40:04 | 000,102,400 | ---- | C] () -- C:\Users\*****\Default.SFX
[2012.11.21 17:40:04 | 000,076,288 | ---- | C] () -- C:\Users\*****\WinCon.SFX
[2012.11.21 17:40:02 | 000,003,973 | ---- | C] () -- C:\Users\*****\Order.htm
[2012.11.21 17:40:02 | 000,001,400 | ---- | C] () -- C:\Users\*****\RarFiles.lst
[2012.11.21 17:40:02 | 000,000,686 | ---- | C] () -- C:\Users\*****\Uninstall.lst
[2012.11.21 17:40:01 | 000,001,420 | ---- | C] () -- C:\Users\*****\Descript.ion
[2012.11.21 17:40:01 | 000,000,616 | ---- | C] () -- C:\Users\*****\File_Id.diz
[2012.11.14 18:08:09 | 000,005,197 | ---- | C] () -- C:\Windows\wininit.ini
[2012.11.10 18:28:15 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2012.11.08 14:49:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.11.08 14:45:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.11.08 14:45:01 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.11.05 22:42:26 | 000,000,306 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2012.10.26 00:08:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.10.23 18:47:48 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.10.23 18:47:48 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.19 22:00:11 | 000,000,049 | ---- | C] () -- C:\Users\*****\jagex_cl_loginapplet_LIVE.dat
[2012.10.19 21:53:57 | 000,000,047 | ---- | C] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat
[2012.10.19 21:53:57 | 000,000,024 | ---- | C] () -- C:\Users\*****\random.dat
[2012.10.18 22:10:08 | 000,007,599 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2012.10.18 02:06:20 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2012.10.18 02:06:19 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.10.18 02:06:19 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2012.10.18 02:06:19 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2012.10.18 01:26:28 | 000,000,030 | ---- | C] () -- C:\Windows\iedit.INI
[2012.10.18 01:22:41 | 000,000,603 | ---- | C] () -- C:\Windows\ulead32.ini
[2012.10.17 15:57:24 | 001,599,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.09 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\7road
[2012.10.22 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AC3Filter
[2012.10.19 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AnvSoft
[2013.01.03 18:48:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2013.02.01 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Pro
[2013.02.01 00:04:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dclogs
[2013.01.04 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\eType
[2012.12.09 02:31:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EurekaLog
[2013.01.31 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2013.01.17 21:40:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FRITZ!
[2013.01.07 23:40:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iminent
[2012.12.20 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LumacDaemon
[2012.11.08 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX
[2012.11.03 23:11:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAXON
[2012.11.21 16:17:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012.10.29 21:49:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.10.25 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OneTab
[2013.01.04 22:03:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlatinumHideIP
[2012.10.18 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\portable
[2013.01.02 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Screaming Bee
[2012.12.06 22:37:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Steganos
[2013.01.12 03:41:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2013.01.15 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TestApp
[2013.02.01 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.12.15 01:48:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay
[2012.12.15 01:47:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay_hook_win64
[2012.12.17 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2012.11.15 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\EurekaLog
[2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\EurekaLog
[2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\EurekaLog
[2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\EurekaLog
[2012.12.07 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.*****\AppData\Roaming\EurekaLog
[2012.10.17 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AnvSoft
[2013.01.20 06:31:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BabSolution
[2013.01.20 06:24:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012.10.09 09:08:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DRPSu
[2013.01.07 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Iminent
[2012.11.08 15:01:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2012.12.06 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steganos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:01, on 02.02.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\*****\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={3BC7965D-419A-11E2-89A5-0017C4CA868C}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=4f12f484-899c-41d0-9804-253b25f2e3e4&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\User\AppData\LocalLow\ProxTube\IE\ProxTube.dll (file missing)
O2 - BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\*****\AppData\Roaming\OneTab\OneTab.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AVMUSBFernanschluss] "C:\Users\*****\AppData\Local\Apps\2.0\QE3JXTYP.KJ7\9QHDYYQR.MOK\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
O4 - Startup: Facebook Messenger.lnk = *****\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{79177F28-CEC0-4E58-9BB4-BB8F83901D36}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{6BC0B89A-3EEF-4403-A4EA-677FF0919390}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: G-Filter Service (GFilterSvc) - Unknown owner - C:\Windows\System32\GFilterSvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi2\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Monitor Color Manager (MCMUv2) - Unknown owner - C:\Windows\syswow64\bmon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Hauppauge MFC Power (prevhpst) - Unknown owner - C:\Windows\system32\L2SecHCd.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: USB Device Adapter (SABBv1b) - Unknown owner - C:\Windows\syswow64\sasvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14820 bytes
         
02.02.2013, 17:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Yes, because this backdoor trojan is in quarantine, that's why there is nothing to find in the logs

That is complete and utter nonsense.
Did you even bother to read the article I linked?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

02.02.2013, 17:55   #5
oguzhan002

Quote from cosinus:
That is complete and utter nonsense.
Did you even bother to read the article I linked?

Yes, I did ... I know now how to insert logs.


02.02.2013, 17:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Yes, I did ...

Obviously not, or you didn't understand it, otherwise we would have received the logs from you long ago

02.02.2013, 18:05   #7
oguzhan002

Quote from cosinus:
Obviously not, or you didn't understand it, otherwise we would have received the logs from you long ago

I'll show you the MBAM log from 31.01.13; that is the day I found this trojan.

Code:
 Malwarebytes Anti-Malware  (PRO) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.31.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Abdullah :: ***** [Administrator]

Schutz: Aktiviert

31.01.2013 20:29:32
mbam-log-2013-01-31 (20-29-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313696
Laufzeit: 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rundll32 (Backdoor.Agent.DCGen) -> Daten: C:\Users\*****\AppData\Local\Temp\MSDCSC\msdcsc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

02.02.2013, 18:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are those all the logs with detections?

02.02.2013, 18:10   #9
oguzhan002

Quote from cosinus:
Are those all the logs with detections?

None of the logs contain any detections.. I only got a detection with MBAM.

Otherwise I would have inserted those too.

03.02.2013, 00:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post here over the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If I have not been in touch for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper

03.02.2013, 17:15   #11
oguzhan002

Here you go, everything as instructed.

mbar-log-2013-02-03 (18-08-36)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: ***** [administrator]

03.02.2013 18:08:36
mbar-log-2013-02-03 (18-08-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29272
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

03.02.2013, 21:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down).
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

04.02.2013, 14:17   #13
oguzhan002

aswMBR kept crashing. I just had to set it to "None" at the bottom left.
Then I was able to complete the scan.

This is what came up every time

I had to attach the GMER log file because it is over 135,000 characters.

aswMBR log file

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 15:03:11
-----------------------------
15:03:11.859    OS Version: Windows x64 6.1.7601 Service Pack 1
15:03:11.860    Number of processors: 2 586 0x170A
15:03:11.861    ComputerName: ***** UserName: 
15:03:14.504    Initialze error C000010E - driver not loaded
15:03:25.587    AVAST engine defs: 13020400
15:03:45.446    Service scanning
15:04:21.212    Modules scanning
15:04:21.219    Disk 0 trace - called modules:
15:04:21.222    
15:04:21.228    Scan finished successfully
15:05:08.848    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
         

04.02.2013, 14:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\*****\Desktop\OggY95\Playworld 3 2011 Client1\Playworld\xb3-Patchlist-Creator2.exe

What does that tell you?

And please run aswMBR again; something went wrong there and the log you posted is pretty much unusable

04.02.2013, 17:49   #15
oguzhan002

C:\Users\*****\Desktop\OggY95\Playworld 3 2011 Client1\Playworld\xb3-Patchlist-Creator2.exe

That is an MMORPG online game, "Metin2", just on a private server.
This patchlist is not a virus. It only downloads new data lists from the server so that the server files stay up to date.

I ran the scan again but nothing comes up; it keeps crashing whenever I do a Quick Scan <.<

Last edited by oguzhan002 (04.02.2013 at 18:42)
