
Log analysis and evaluation: Miner.exe, TR/hijacker.Gen, etc?

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.06.2013, 00:03   #1
Morbox
 

Hello! Great that a site like this exists!

I reinstalled my computer because of Trojan alerts and only wiped the system partition in the process. Now I have noticed that a Miner.exe (apparently a Bitcoin miner) is running - that wasn't the case before, though. I'm not sure whether or to what extent the new infection is related to the old one, but apparently it was already there when I created my first image... by then I had already downloaded a few programs, though. In addition, Avira is now telling me about a "TR/Hijacker.Gen" in a MuterHook-32.dll. So far, apart from the slowdowns caused by the miner (which doesn't stay off when you kill it), everything runs stably and I haven't had any problems with accounts or the like. Would it be possible to get an assessment of how much at risk my passwords are? One problem with running your standard tests is that GMER doesn't run on my machine. At least not for long, then it crashes. Here are the remaining logs:

OTL.txt as 7z

OTL Extras
Code:
OTL Extras logfile created on: 02.06.2013 23:35:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nyarlathothep\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,06 Gb Available Physical Memory | 67,70% Memory free
12,00 Gb Paging File | 9,74 Gb Available in Paging File | 81,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 386,45 Gb Free Space | 79,15% Space Free | Partition Type: NTFS
Drive D: | 488,18 Gb Total Space | 464,96 Gb Free Space | 95,24% Space Free | Partition Type: NTFS
Drive E: | 886,45 Gb Total Space | 213,24 Gb Free Space | 24,06% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 596,17 Gb Total Space | 68,42 Gb Free Space | 11,48% Space Free | Partition Type: NTFS
 
Computer Name: RHEA | User Name: Nyarlathothep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1540B103-8F17-4EF0-B6ED-543E97818A82}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1EEA4F2A-2B5C-4CDA-9555-CE9CD9480914}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{41EAE35B-8F16-418E-86D7-39870CFCAE60}" = lport=138 | protocol=17 | dir=in | app=system | 
"{44DD3166-E011-4E1D-9E35-C60E5A28901B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{481C42E9-086C-4526-BF1B-2D2C23DAE67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D423D50-DBDE-4FC7-8D18-A08022A7BED5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82A385A8-E8D7-49C5-8EAA-198D3A43AF8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BD9B978-F400-4D21-9553-36E9AAD4965E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{91FC4D39-B846-4E36-9C78-3BA916E6C6B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9DA4B644-B7AC-4E32-9EC9-D340B44E8D19}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E022012-4086-44EC-9B06-98BB7C3BAF5A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ABCF6F27-841E-4C44-802F-E12D300B2693}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFAE1F1B-DFDF-444F-A368-6D3AF3FD3061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AFD9E10C-A3E3-47E4-9B4C-C38AA7F66541}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B3A2E33C-A8ED-491F-BEA2-10CDAE71F593}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BE7520EA-AB7F-4692-8704-A76F75AD37EE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CC2B2658-AD89-42FA-ABD6-68F0FC6DD446}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4893491-8778-4AE4-A465-55E6BD51EEEF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED8F4F7D-259C-4584-A9C4-46926D0E30DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF02404D-BE4A-483B-B2E3-B7C45E697436}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9046807-1E64-4B7F-9C32-8B536FABD092}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02750B74-AF7A-426C-8397-05D9189EBA5C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{0E812CAE-4564-4EFE-9BE6-C4119BBFC448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{169A1915-D7E7-4069-AE84-0DB0DB168FE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17708AEC-A023-4C13-9EE8-6BD57B673ABA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{242FC206-E16A-4F6B-986D-2A85D7AF65AF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{26A1F545-F878-42C9-A98E-773AE3385AC5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{2942FEE7-9340-4BA3-BC24-CA701ED031EC}" = protocol=6 | dir=in | app=c:\spiele\the secret world\clientpatcher.exe | 
"{2FF93F3E-3A7A-43D7-A84F-559A2F00370B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{3039BFC2-8147-4595-A182-524FC381AEB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34D57681-E206-4930-8044-981DF5879839}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{37F1B995-629C-415A-B535-20B3A194431D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38559919-9DF2-498F-82EB-984D5D8A5389}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{3BF36B92-E853-435D-BE27-584B1B0D3E21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3CCBD957-D0A8-43E9-9272-37B67923CDA9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | 
"{4169B2EB-C871-4A1A-AD89-5416559BE6A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4240F69F-C52E-4262-A8CC-C87E1DC90961}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{4E85090A-37D3-4490-B7A7-DDAF740BC552}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{50D6679A-BC4D-4256-8FA1-09353A8AD6DE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{50F1AFA5-DEF7-44D7-9E70-681D7209E244}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{5871A23D-43B7-4A9A-BEBA-C66072A1D6CC}" = protocol=17 | dir=in | app=c:\users\nyarlathothep\appdata\roaming\dropbox\bin\dropbox.exe | 
"{59AF43CD-3C3E-4F69-9A5B-01C7333BF96F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F685814-88B1-4397-ADC9-DF1F14C7AE60}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{60FEEB05-0530-413B-B526-24106B1484F0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{63556343-285E-41DA-801A-041BAAAE50BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66F764B2-C5AD-45E0-A322-E4EB11BD8921}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{73524250-304F-4828-91EA-739AE630E815}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C22EC90-CCC1-4704-A249-214A65581879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F3565D0-ACD4-40C0-8477-1C5EA5BB6AF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{84C2DB94-78BA-4F7C-8D45-0CC233154951}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8AFC4ECB-70CC-4D70-88AE-96492E4D0C21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A3A8A8B-A21F-400D-AC20-209006930608}" = protocol=6 | dir=out | app=system | 
"{9B301EC2-A055-47BF-86DF-22402C922F7B}" = protocol=17 | dir=in | app=c:\spiele\the secret world\clientpatcher.exe | 
"{AA5A00DA-1AA3-411D-9503-E934D06B37DD}" = protocol=6 | dir=in | app=c:\users\nyarlathothep\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD76F172-D10C-4DFB-A410-621F0ACDE9B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C14C99BA-8D1F-4167-932D-2B6B42393543}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{C6BDE43A-A037-457A-AE3A-B8A6BA33DC2D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{D08ABC09-1EF8-4755-9452-2D6A5EF634B7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{D41C517F-AD31-45C9-9D89-8C604FD33E53}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{D4DBD35A-C792-43D1-8D76-A5BE456CD2F0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe | 
"{D59DCB41-7BC4-484F-B422-CF6CF8BE671F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{D75C79CB-F083-4540-81FF-DF4134517B0E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{DB31AA5F-4C51-4A47-BBBF-093797156F68}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DBE14323-7140-43E5-B0B0-0F4D10B19B58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DE2A1967-B1D4-4E82-A0F3-42E5E514588F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DEA801F1-5F09-4DF1-AC2F-2122F2189CD1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E222B542-6B02-4CE4-A3F7-610654905EB1}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{E7315B53-5F5F-40A0-A51D-77FF96E1FBEC}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{EE96B9E1-DECE-49D1-ACE6-B5961B4CC616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEE0AF90-FD8B-4E68-9B8F-D6C7062B06B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F176D5F0-1DFD-447C-9796-9BE94ACD83F2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{F92297F6-452E-4494-B349-E9DED60D8758}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDEE965F-260C-4D26-A425-EF771B2377D8}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"TCP Query User{2B456E2D-81FA-4C19-B975-FE06695E37A1}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{746085C9-E776-47F6-9C38-C6D822F0B103}E:\spiele\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\spiele\world of tanks\wotlauncher.exe | 
"TCP Query User{FBA1F8F6-78D1-4CCB-9BDD-F17E1464247A}C:\users\nyarlathothep\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nyarlathothep\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0456554D-40EF-491B-A2F1-C6AA295C4F60}E:\spiele\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\spiele\world of tanks\wotlauncher.exe | 
"UDP Query User{46AB6E10-ABEE-4F26-B157-319B6DAA589E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{532DFB91-55CD-4FE5-A7B3-4A065D769B1E}C:\users\nyarlathothep\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nyarlathothep\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"8461-7759-5462-8226" = Vuze
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{29E62210-A2B4-4809-8198-6F3055DA35DF}_is1" = WOT Tank Viewer version 0.4.1
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{36A19DE0-7C35-41E3-9BA6-DB85C74B3021}" = SlimDrivers
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{73917C27-8DF3-4E3A-8B6B-DC4F2BE84F24}" = MURPG Character Builder
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 26.0.1450.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.6.0
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}" = LibreOffice 4.0.3.3
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ExpressBurn" = Express Burn
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"foobar2000" = foobar2000 v1.2.6
"Foxit Reader_is1" = Foxit Reader
"Guitar Pro 5_is1" = Guitar Pro 5.1
"lrcfan@fansoft.br" = Lyrics Fan
"MixPad" = MixPad
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RarmaRadio_is1" = RarmaRadio 2.69
"SearchProtect" = Search Protect by conduit
"The Secret World_is1" = The Secret World
"ToneGen" = NCH Tone Generator
"TradersLittleHelper_is1" = Trader's Little Helper 2.7.0
"TrueCrypt" = TrueCrypt
"Ultracopier" = Ultracopier 1.0.1.4
"VLC media player" = VLC media player 2.0.6
"Voxal" = Voxal Voice Changer
"WavePad" = WavePad Sound Editor
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2013 16:41:54 | Computer Name = Rhea | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 28.05.2013 22:27:00 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.17929,
 Zeitstempel: 0x4ffa55d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01ce5c13fccd6074  Pfad der
 fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3d571329-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:03 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UMVPFSrv.exe, Version: 13.31.1044.0,
 Zeitstempel: 0x4f166843  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x454  Startzeit der fehlerhaften Anwendung: 0x01ce5c13ab14422c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3f521843-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:05 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CltMngSvc.exe, Version: 1.5.0.71,
 Zeitstempel: 0x5189ee17  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x71c  Startzeit der fehlerhaften Anwendung: 0x01ce5c13afe54afa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 4017aa7a-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:06 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RaRegistry.exe, Version: 1.0.0.15,
 Zeitstempel: 0x4c049b79  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x748  Startzeit der fehlerhaften Anwendung: 0x01ce5c13b05eb128  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hama\Common\RaRegistry.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 4141367c-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:21 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDWSCSvc.exe, Version: 2.1.18.2, 
Zeitstempel: 0x51936fb9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x6ec  Startzeit der fehlerhaften Anwendung: 0x01ce5c13b4336819  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 49add535-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:21 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDUpdSvc.exe, Version: 2.1.18.76,
 Zeitstempel: 0x51949f41  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x544  Startzeit der fehlerhaften Anwendung: 0x01ce5c13b2c0116e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 49b9bc16-c807-11e2-809f-001fd0800614
 
Error - 28.05.2013 22:27:21 | Computer Name = Rhea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.1.18.208,
 Zeitstempel: 0x51949f3c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x732d6a64  ID des fehlerhaften
 Prozesses: 0x788  Startzeit der fehlerhaften Anwendung: 0x01ce5c13b06a9809  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 49b9e326-c807-11e2-809f-001fd0800614
 
Error - 29.05.2013 18:27:17 | Computer Name = Rhea | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Nyarlathothep\Downloads\SoftonicDownloader_fuer_mixpad.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 29.05.2013 21:57:30 | Computer Name = Rhea | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\rarmaradio\CrashReport.exe".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 28.05.2013 22:27:27 | Computer Name = Rhea | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3
 Mal passiert.
 
Error - 28.05.2013 22:27:32 | Computer Name = Rhea | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147467243.
 
Error - 28.05.2013 22:31:00 | Computer Name = Rhea | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 28.05.2013 23:07:44 | Computer Name = Rhea | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 02.06.2013 16:59:42 | Computer Name = Rhea | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?06.?2013 um 22:57:26 unerwartet heruntergefahren.
 
Error - 02.06.2013 16:59:43 | Computer Name = Rhea | Source = BugCheck | ID = 1001
Description = 
 
Error - 02.06.2013 17:00:15 | Computer Name = Rhea | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 02.06.2013 17:00:15 | Computer Name = Rhea | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 02.06.2013 17:00:45 | Computer Name = Rhea | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Updating Service erreicht.
 
Error - 02.06.2013 17:00:45 | Computer Name = Rhea | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         

03.06.2013, 00:11   #2
aharonov
/// TB Instructor
 

Hi,

Quote:
Now I have noticed that a Miner.exe (apparently a Bitcoin miner) is running - that was not the case before, though.
You installed this miner yourself with the software "Ultracopier 1.0.1.4":
Code:
C:\Programme\Ultracopier\miner\miner.exe

Was that intentional?

Quote:
In addition, Avira is now also telling me about a "TR/Hijacker.Gen" in a MuterHook-32.dll.
Could you please also post the Avira report where this detection is documented in detail?

03.06.2013, 00:29   #3
Morbox
 

Oh... I see... that is stupid, of course. I thought it was just a normal new version of Super Copier 2. Oh well. Is uninstalling Ultracopier enough?

The folder of the other file can be traced in AppData to a Firefox plugin that has not caused any problems so far, but which I don't really need after all, since it can't mute Flash (APPDATA\Roaming\Mozilla\Firefox\Profiles\djgxui4n.default\extensions\muter@yxl.name\modules\ctypes-binary\MuterHook-32.dll). Should I uninstall it? What else needs to be done?

03.06.2013, 00:50   #4
aharonov
/// TB Instructor
 

Yes, uninstall the two things mentioned.
In addition:


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after the other:
    • Lyrics Fan
    • Search Protect by conduit
  • Close the window again and reboot if you were prompted to.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).



Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from OTL
__________________
cheers,
Leo

03.06.2013, 01:24   #5
Morbox
 

Adwcleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.301 - Datei am 03/06/2013 um 02:22:50 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : Nyarlathothep - RHEA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nyarlathothep\Downloads\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Nyarlathothep\AppData\Roaming\Mozilla\Firefox\Profiles\djgxui4n.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\SearchProtect
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Nyarlathothep\AppData\Roaming\Mozilla\Firefox\Profiles\djgxui4n.default\prefs.js

Gefunden : user_pref("CT3282495.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT3282495.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description[...]
Gefunden : user_pref("CT3282495.1000234.TWC_TMP_city", "SULZBACH");
Gefunden : user_pref("CT3282495.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT3282495.1000234.TWC_country", "GERMANY");
Gefunden : user_pref("CT3282495.1000234.TWC_locId", "GMTH1656");
Gefunden : user_pref("CT3282495.1000234.TWC_location", "Sulzbach, Germany");
Gefunden : user_pref("CT3282495.1000234.TWC_region", "DE");
Gefunden : user_pref("CT3282495.1000234.TWC_temp_dis", "c");
Gefunden : user_pref("CT3282495.1000234.TWC_wind_dis", "kmh");
Gefunden : user_pref("CT3282495.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"7°C\",\"temperatu[...]
Gefunden : user_pref("CT3282495.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3282495.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT3282495.FF19Solved", "true");
Gefunden : user_pref("CT3282495.FirstTime", "true");
Gefunden : user_pref("CT3282495.FirstTimeFF3", "true");
Gefunden : user_pref("CT3282495.UserID", "UN20362629623244930");
Gefunden : user_pref("CT3282495.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT3282495.addressUrlXPETakeover", "true");
Gefunden : user_pref("CT3282495.autoDisableScopes", 0);
Gefunden : user_pref("CT3282495.defaultSearch", "false");
Gefunden : user_pref("CT3282495.embeddedsData", "[{\"appId\":\"130038710980568143\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT3282495.enableAlerts", "true");
Gefunden : user_pref("CT3282495.enableFix404ByUser", "TRUE");
Gefunden : user_pref("CT3282495.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT3282495.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT3282495.fixPageNotFoundError", "true");
Gefunden : user_pref("CT3282495.fixPageNotFoundErrorByUser", "true");
Gefunden : user_pref("CT3282495.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT3282495.fixUrls", true);
Gefunden : user_pref("CT3282495.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Gefunden : user_pref("CT3282495.installDate", "24/5/2013 11:25:52");
Gefunden : user_pref("CT3282495.installId", "conduitinstaller.exe");
Gefunden : user_pref("CT3282495.installSessionId", "-1");
Gefunden : user_pref("CT3282495.installSp", "true");
Gefunden : user_pref("CT3282495.installType", "conduitnsisintegration");
Gefunden : user_pref("CT3282495.installUsage", "2013-05-24T12:26:51.7705654+03:00");
Gefunden : user_pref("CT3282495.installUsageEarly", "2013-05-24T12:26:33.5203885+03:00");
Gefunden : user_pref("CT3282495.installerVersion", "1.4.2.3");
Gefunden : user_pref("CT3282495.isCheckedStartAsHidden", true);
Gefunden : user_pref("CT3282495.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3282495.isFirstTimeToolbarLoading", "false");
Gefunden : user_pref("CT3282495.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT3282495.keyword", "true");
Gefunden : user_pref("CT3282495.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gefunden : user_pref("CT3282495.lastVersion", "10.16.2.10");
Gefunden : user_pref("CT3282495.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Gefunden : user_pref("CT3282495.migrateAppsAndComponents", true);
Gefunden : user_pref("CT3282495.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fskyrim.nexusmods[...]
Gefunden : user_pref("CT3282495.openThankYouPage", "false");
Gefunden : user_pref("CT3282495.openUninstallPage", "true");
Gefunden : user_pref("CT3282495.originalSearchAddressUrl", "");
Gefunden : user_pref("CT3282495.revertSettingsEnabled", "false");
Gefunden : user_pref("CT3282495.search.searchAppId", "130038710980568143");
Gefunden : user_pref("CT3282495.search.searchCount", "0");
Gefunden : user_pref("CT3282495.searchInNewTabEnabledByUser", "false");
Gefunden : user_pref("CT3282495.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT3282495.searchRevert", "false");
Gefunden : user_pref("CT3282495.searchUserMode", "1");
Gefunden : user_pref("CT3282495.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3282495.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT3282495.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gefunden : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3282495.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT3282495.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369387625204");
Gefunden : user_pref("CT3282495.serviceLayer_services_appsMetadata_lastUpdate", "1369387612635");
Gefunden : user_pref("CT3282495.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369387610631");
Gefunden : user_pref("CT3282495.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369387592[...]
Gefunden : user_pref("CT3282495.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369387611162")[...]
Gefunden : user_pref("CT3282495.serviceLayer_services_location_lastUpdate", "1369387594118");
Gefunden : user_pref("CT3282495.serviceLayer_services_login_10.16.2.10_lastUpdate", "1369387611080");
Gefunden : user_pref("CT3282495.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369387611363");
Gefunden : user_pref("CT3282495.serviceLayer_services_searchAPI_lastUpdate", "1369387603711");
Gefunden : user_pref("CT3282495.serviceLayer_services_serviceMap_lastUpdate", "1369387588823");
Gefunden : user_pref("CT3282495.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369387606459");
Gefunden : user_pref("CT3282495.serviceLayer_services_toolbarSettings_lastUpdate", "1369387604928");
Gefunden : user_pref("CT3282495.serviceLayer_services_translation_lastUpdate", "1369387610431");
Gefunden : user_pref("CT3282495.settingsINI", true);
Gefunden : user_pref("CT3282495.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT3282495.showToolbarPermission", "false");
Gefunden : user_pref("CT3282495.smartbar.CTID", "CT3282495");
Gefunden : user_pref("CT3282495.smartbar.Uninstall", "0");
Gefunden : user_pref("CT3282495.smartbar.toolbarName", "NCH_EN ");
Gefunden : user_pref("CT3282495.startPage", "false");
Gefunden : user_pref("CT3282495.toolbarBornServerTime", "24-5-2013");
Gefunden : user_pref("CT3282495.toolbarCurrentServerTime", "24-5-2013");
Gefunden : user_pref("CT3282495.toolbarLoginClientTime", "Fri May 24 2013 11:26:51 GMT+0200");
Gefunden : user_pref("CT3282495.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Gefunden : user_pref("CT3282495.versionFromInstaller", "10.16.2.10");
Gefunden : user_pref("CT3282495_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&SearchSource=2&CU[...]
Gefunden : user_pref("smartbar.addressBarOwnerCTID", "CT3282495");
Gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gefunden : user_pref("smartbar.machineId", "P4FON156MEWBDLMXHLCHYLRAZYPSRCXFEZJAL0XQ0WEQSMBU1ATOESS9Y/Z93AUMKVC[...]

-\\ Chromium v26.0.1450.1

Datei : C:\Users\Nyarlathothep\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [20159 octets] - [28/05/2013 00:44:16]
AdwCleaner[R2].txt - [10125 octets] - [03/06/2013 02:01:31]
AdwCleaner[R3].txt - [10186 octets] - [03/06/2013 02:02:05]
AdwCleaner[R4].txt - [9938 octets] - [03/06/2013 02:22:50]
AdwCleaner[S1].txt - [10265 octets] - [28/05/2013 00:44:51]

########## EOF - C:\AdwCleaner[R4].txt - [10059 octets] ##########
         

OTL
OTL Logfile:
Code:
OTL logfile created on: 03.06.2013 02:14:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nyarlathothep\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,97 Gb Available Physical Memory | 66,22% Memory free
12,00 Gb Paging File | 9,87 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,28 Gb Total Space | 385,96 Gb Free Space | 79,05% Space Free | Partition Type: NTFS
Drive D: | 488,18 Gb Total Space | 464,96 Gb Free Space | 95,24% Space Free | Partition Type: NTFS
Drive E: | 886,45 Gb Total Space | 213,24 Gb Free Space | 24,06% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 596,17 Gb Total Space | 68,42 Gb Free Space | 11,48% Space Free | Partition Type: NTFS
 
Computer Name: RHEA | User Name: Nyarlathothep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.03 01:59:45 | 000,632,031 | ---- | M] () -- C:\Users\Nyarlathothep\Downloads\adwcleaner(1).exe
PRC - [2013.05.28 23:52:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nyarlathothep\Desktop\OTL.exe
PRC - [2013.05.24 10:27:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.05.23 23:19:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.23 23:18:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.23 23:18:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.23 20:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nyarlathothep\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.23 13:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.04 01:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe
PRC - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.04.24 14:12:18 | 029,374,784 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.06.15 10:36:40 | 006,479,712 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2007.09.12 11:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 01:59:45 | 000,632,031 | ---- | M] () -- C:\Users\Nyarlathothep\Downloads\adwcleaner(1).exe
MOD - [2013.06.02 23:01:35 | 001,175,040 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._core_.pyd
MOD - [2013.06.02 23:01:35 | 001,153,024 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_ssl.pyd
MOD - [2013.06.02 23:01:35 | 001,022,416 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\windows._cacheinvalidation.pyd
MOD - [2013.06.02 23:01:35 | 000,811,008 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._windows_.pyd
MOD - [2013.06.02 23:01:35 | 000,805,888 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._gdi_.pyd
MOD - [2013.06.02 23:01:35 | 000,735,232 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._misc_.pyd
MOD - [2013.06.02 23:01:35 | 000,711,680 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_hashlib.pyd
MOD - [2013.06.02 23:01:35 | 000,557,056 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\pysqlite2._sqlite.pyd
MOD - [2013.06.02 23:01:35 | 000,364,544 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\pythoncom27.dll
MOD - [2013.06.02 23:01:35 | 000,320,512 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32com.shell.shell.pyd
MOD - [2013.06.02 23:01:35 | 000,128,512 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_elementtree.pyd
MOD - [2013.06.02 23:01:35 | 000,122,368 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._wizard.pyd
MOD - [2013.06.02 23:01:35 | 000,119,808 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32file.pyd
MOD - [2013.06.02 23:01:35 | 000,110,080 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\pywintypes27.dll
MOD - [2013.06.02 23:01:35 | 000,108,544 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32security.pyd
MOD - [2013.06.02 23:01:35 | 000,098,816 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32api.pyd
MOD - [2013.06.02 23:01:35 | 000,087,040 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_ctypes.pyd
MOD - [2013.06.02 23:01:35 | 000,070,656 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._html2.pyd
MOD - [2013.06.02 23:01:35 | 000,044,032 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_socket.pyd
MOD - [2013.06.02 23:01:35 | 000,035,840 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32process.pyd
MOD - [2013.06.02 23:01:35 | 000,026,624 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\_multiprocessing.pyd
MOD - [2013.06.02 23:01:35 | 000,025,600 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32pdh.pyd
MOD - [2013.06.02 23:01:35 | 000,022,528 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32ts.pyd
MOD - [2013.06.02 23:01:35 | 000,017,408 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32profile.pyd
MOD - [2013.06.02 23:01:35 | 000,011,264 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32crypt.pyd
MOD - [2013.06.02 23:01:34 | 001,062,400 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\wx._controls_.pyd
MOD - [2013.06.02 23:01:34 | 000,686,080 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\unicodedata.pyd
MOD - [2013.06.02 23:01:34 | 000,127,488 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\pyexpat.pyd
MOD - [2013.06.02 23:01:34 | 000,038,912 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32inet.pyd
MOD - [2013.06.02 23:01:34 | 000,018,432 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\win32event.pyd
MOD - [2013.06.02 23:01:34 | 000,010,240 | ---- | M] () -- C:\Users\NYARLA~1\AppData\Local\Temp\_MEI38762\select.pyd
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013.05.04 01:35:30 | 001,114,536 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2013.04.24 04:30:08 | 000,652,800 | ---- | M] () -- E:\Steam\SDL2.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Nyarlathothep\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Steam\bin\avutil-51.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Nyarlathothep\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2010.06.14 14:38:44 | 000,984,416 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
MOD - [2007.09.12 11:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.24 09:23:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.23 23:19:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.23 23:18:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.23 13:32:08 | 000,632,352 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.06.01 13:38:46 | 000,211,296 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.02 23:00:19 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013.05.24 12:58:53 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.05.24 12:57:13 | 000,033,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\voxaldriverx64.sys -- (voxaldriver)
DRV:64bit: - [2013.05.24 10:06:01 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2013.05.23 23:19:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.23 23:19:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.23 23:19:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.05.26 20:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2000.01.01 02:00:00 | 000,685,672 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000.01.01 02:00:00 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 E4 38 24 0C 58 CE 01  [binary data]
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:14.0.485
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0
FF - prefs.js..extensions.enabledAddons: %7B463F6CA5-EE3C-4be1-B7E6-7FEE11953374%7D:4.3.6
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.1.26
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:1.9
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: dictionary-switcher%40design-noir.de:1.3.2
FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: multipletab%40piro.sakura.ne.jp:0.7.2013052901
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&SearchSource=2&CUI=UN20362629623244930&UM=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000
'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.24 10:12:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 10:12:53 | 000,000,000 | ---D | M]
 
[2013.05.23 23:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Extensions
[2013.06.03 02:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions
[2013.05.29 22:42:23 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013.05.28 00:06:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.28 00:06:16 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2013.05.28 00:06:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.05.24 09:46:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.29 08:57:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.27 20:40:09 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013.05.28 00:06:17 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\dictionary-switcher@design-noir.de
[2013.05.28 00:06:17 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.05.27 20:40:41 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\FasterFox_Lite@BigRedBrent
[2013.05.28 00:06:16 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\firefox@ghostery.com
[2013.05.28 00:06:16 | 000,000,000 | ---D | M] (Tube Enhancer Plus) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\Firefox\Profiles\djgxui4n.default\extensions\firefoxaddon@youtubeenhancer.com
[2013.05.27 20:40:36 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\autopager@mozilla.org.xpi
[2013.05.26 22:05:53 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\compatibility@addons.mozilla.org.xpi
[2013.05.26 22:06:00 | 000,026,255 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\diggidig@gmail.com.xpi
[2013.05.24 01:37:39 | 000,687,982 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\feedly@devhd.xpi
[2013.05.24 14:45:26 | 000,374,078 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.05.27 20:40:24 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\lazarus@interclue.com.xpi
[2013.06.02 23:06:06 | 000,442,180 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\multipletab@piro.sakura.ne.jp.xpi
[2013.05.27 20:40:15 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\personas@christopher.beard.xpi
[2013.05.26 22:06:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\quickdrag@mozilla.ktechcomputing.com.xpi
[2013.05.27 20:40:36 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\SkipScreen@SkipScreen.xpi
[2013.05.28 22:09:55 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.05.26 22:06:42 | 000,281,921 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.05.26 22:06:40 | 000,232,420 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2013.05.27 20:40:14 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.26 22:05:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.27 20:39:48 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.05.27 20:39:47 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.05.27 20:40:12 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Nyarlathothep\AppData\Roaming\mozilla\firefox\profiles\djgxui4n.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.23 23:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 23:37:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.24 10:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\Nyarlathothep\AppData\Roaming\SearchProtect" File not found
O4 - Startup: C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CircleDock - Verknüpfung.lnk = C:\Program Files (x86)\CircleDock0.9.2Alpha8.1\CircleDock.exe (Eric Wong)
O4 - Startup: C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nyarlathothep\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36024C85-A9E9-499A-81F3-0ED690063816}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.01 13:15:56 | 000,206,657 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2012.05.14 15:03:14 | 000,000,106 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 01:45:47 | 000,000,000 | ---D | C] -- C:\Update
[2013.06.03 01:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.06.02 22:59:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.29 04:08:33 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.28 23:52:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nyarlathothep\Desktop\OTL.exe
[2013.05.28 03:05:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.27 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.27 22:55:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.05.27 22:55:06 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Samsung
[2013.05.27 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.05.27 22:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.05.27 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\dwhelper
[2013.05.25 22:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.25 21:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.25 21:12:55 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Origin
[2013.05.25 21:07:51 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Origin
[2013.05.25 21:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.25 21:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.25 21:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.05.24 21:27:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Audible
[2013.05.24 21:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2013.05.24 21:26:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2013.05.24 21:26:39 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Audible
[2013.05.24 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2013.05.24 20:59:03 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Razer
[2013.05.24 20:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.05.24 20:51:10 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\InstallShield
[2013.05.24 17:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoytoKey
[2013.05.24 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
[2013.05.24 17:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VASSAL-3.2.6
[2013.05.24 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Wargaming.net
[2013.05.24 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\LibreOffice
[2013.05.24 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\.swt
[2013.05.24 13:11:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Azureus
[2013.05.24 13:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013.05.24 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Funcom
[2013.05.24 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2013.05.24 13:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2013.05.24 13:10:32 | 000,000,000 | ---D | C] -- C:\Spiele
[2013.05.24 13:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Spotify
[2013.05.24 13:00:15 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Spotify
[2013.05.24 12:59:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.05.24 12:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013.05.24 12:58:53 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.05.24 12:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.05.24 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.05.24 12:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader's Little Helper
[2013.05.24 12:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trader's Little Helper
[2013.05.24 12:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.24 12:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.05.24 12:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CircleDock0.9.2Alpha8.1
[2013.05.24 12:34:00 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\XMedia Recode
[2013.05.24 12:33:17 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\DivX
[2013.05.24 12:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.05.24 12:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2013.05.24 12:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOT Tank Viewer
[2013.05.24 12:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wot_Tank_Viewer
[2013.05.24 12:00:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\ultracopier
[2013.05.24 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ultracopier
[2013.05.24 11:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.05.24 11:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013.05.24 11:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RarmaRadio
[2013.05.24 11:50:50 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\RaimaRadioPro
[2013.05.24 11:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RarmaRadio
[2013.05.24 11:40:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.05.24 11:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.05.24 11:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainware
[2013.05.24 11:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MURPG Character Builder
[2013.05.24 11:25:18 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Mixpad Projects
[2013.05.24 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.05.24 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.05.24 11:25:09 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\NCH Software
[2013.05.24 11:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.05.24 11:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013.05.24 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.05.24 11:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.05.24 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\DDMSettings
[2013.05.24 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\ElevatedDiagnostics
[2013.05.24 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2013.05.24 10:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013.05.24 10:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.24 10:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.24 10:49:50 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Desktop\Downloads
[2013.05.24 10:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.24 10:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.05.24 10:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013.05.24 10:42:57 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.05.24 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.05.24 10:42:34 | 000,000,000 | ---D | C] -- C:\Intel
[2013.05.24 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2013.05.24 10:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2013.05.24 10:32:42 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.24 10:31:46 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\FastStone
[2013.05.24 10:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2013.05.24 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2013.05.24 10:30:47 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Dropbox
[2013.05.24 10:28:31 | 000,000,000 | --SD | C] -- C:\Users\Nyarlathothep\Google Drive
[2013.05.24 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Skype
[2013.05.24 10:28:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.05.24 10:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.24 10:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.05.24 10:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.05.24 10:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.24 10:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.24 10:27:05 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Google
[2013.05.24 10:24:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\foobar2000
[2013.05.24 10:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2013.05.24 10:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2013.05.24 10:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2013.05.24 10:18:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.05.24 10:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.05.24 10:18:36 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.05.24 10:18:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.05.24 10:18:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.05.24 10:18:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.05.24 10:18:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.05.24 10:18:35 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.05.24 10:18:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.05.24 10:18:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.05.24 10:18:35 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.05.24 10:18:35 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.05.24 10:18:35 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.05.24 10:18:34 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.05.24 10:18:34 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.05.24 10:18:34 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.05.24 10:18:34 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.05.24 10:18:33 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.05.24 10:18:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.05.24 10:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.05.24 10:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.05.24 10:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.05.24 10:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.05.24 10:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.05.24 10:08:35 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\DTClient
[2013.05.24 10:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.05.24 10:08:16 | 000,685,672 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.24 10:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.05.24 10:04:46 | 000,029,696 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtscsibus.sys
[2013.05.24 10:04:41 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\DAEMON Tools Ultra
[2013.05.24 10:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Ultra
[2013.05.24 10:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013.05.24 10:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.05.24 09:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Ultra
[2013.05.24 09:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.05.24 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\SlimWare Utilities Inc
[2013.05.24 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013.05.24 09:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013.05.24 09:57:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013.05.24 09:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.24 09:56:27 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Foxit Software
[2013.05.24 09:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.05.24 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\ATI
[2013.05.24 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\ATI
[2013.05.24 09:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.24 09:31:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.05.24 09:25:48 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Macromedia
[2013.05.24 09:25:48 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Macromedia
[2013.05.24 09:25:48 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Adobe
[2013.05.24 09:23:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.24 09:23:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.24 09:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.24 09:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.24 09:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.24 09:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.24 02:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.24 02:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.05.24 02:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.05.24 02:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.05.24 02:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.05.24 02:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.05.24 02:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.05.24 01:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.24 01:58:18 | 000,000,000 | ---D | C] -- C:\AMD
[2013.05.24 01:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2013.05.24 01:35:55 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Chromium
[2013.05.24 01:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2013.05.24 01:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.24 01:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.05.24 01:04:28 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.05.24 01:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.24 01:03:32 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Programs
[2013.05.24 00:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\doublefine
[2013.05.24 00:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.05.24 00:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.23 23:58:35 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Almost Human
[2013.05.23 23:58:35 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Activision
[2013.05.23 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\4A Games
[2013.05.23 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\2K Play
[2013.05.23 23:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Wizards of the Coast
[2013.05.23 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Witcher 2
[2013.05.23 23:57:23 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\WB Games
[2013.05.23 23:55:50 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Vuze Downloads
[2013.05.23 23:55:50 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\VHB - EDA
[2013.05.23 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Two Worlds Saves
[2013.05.23 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Tunngle
[2013.05.23 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Tomb Raider - Legend
[2013.05.23 23:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\The Witcher
[2013.05.23 23:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Telltale Games
[2013.05.23 23:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Square Enix
[2013.05.23 23:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\SightSpeed Recordings
[2013.05.23 23:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\SH3
[2013.05.23 23:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Sega
[2013.05.23 23:55:12 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Scanned Documents
[2013.05.23 23:55:11 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\SavedGames
[2013.05.23 23:54:58 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\samsung
[2013.05.23 23:54:58 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Runes of Magic
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Rockstar Games
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Remote Assistance Logs
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Remedy
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Prototype
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Nexus Mod Manager
[2013.05.23 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\New Star Soccer 5
[2013.05.23 23:53:18 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Neverwinter Nights 2
[2013.05.23 23:53:17 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\My Publications
[2013.05.23 23:53:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\my games
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\My eBooks
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\My Curse
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Might & Magic Heroes VI
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Microsoft Hardware
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\JustCause
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\ICQ
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Hitman Blood Money
[2013.05.23 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Hero Lab
[2013.05.23 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\GTA San Andreas User Files
[2013.05.23 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\GOG.com Downloads
[2013.05.23 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Games for Windows - LIVE Demos
[2013.05.23 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Front Mission Evolved
[2013.05.23 23:51:30 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Electrontic Arts
[2013.05.23 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Electronic Arts
[2013.05.23 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\EA Games
[2013.05.23 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Deus Ex - Invisible War
[2013.05.23 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\CrypTool 2 Projects
[2013.05.23 23:51:27 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Citavi 3
[2013.05.23 23:51:23 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Ceville
[2013.05.23 23:51:23 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Bluetooth-Exchange-Ordner
[2013.05.23 23:51:16 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Bluetooth
[2013.05.23 23:51:09 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\BioWare
[2013.05.23 23:51:09 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Bioshock2
[2013.05.23 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Bioshock
[2013.05.23 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\BFBC2
[2013.05.23 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Bethesda
[2013.05.23 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Battlestations-Pacific
[2013.05.23 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Backgrounds
[2013.05.23 23:50:58 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Battlefield Play4Free
[2013.05.23 23:50:58 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Battlefield 3
[2013.05.23 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Battlefield 2
[2013.05.23 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\AVS4YOU
[2013.05.23 23:50:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Ascaron Entertainment
[2013.05.23 23:50:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\ARES
[2013.05.23 23:50:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Amnesia
[2013.05.23 23:50:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Amazon MP3
[2013.05.23 23:50:50 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\Documents\Alpha Protocol
[2013.05.23 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Mozilla
[2013.05.23 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Mozilla
[2013.05.23 23:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 23:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.23 23:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 23:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.05.23 23:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013.05.23 23:25:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Avira
[2013.05.23 23:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.23 23:20:22 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.23 23:20:22 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.23 23:20:22 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.23 23:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.23 23:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.23 23:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2013.05.23 23:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2013.05.23 23:11:37 | 001,121,632 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2013.05.23 23:11:37 | 000,326,496 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013.05.23 23:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT2870 Driver
[2013.05.23 23:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.05.23 23:11:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.23 23:11:21 | 002,036,000 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2013.05.23 23:11:21 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2013.05.23 23:11:21 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2013.05.23 23:11:21 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2013.05.23 23:11:21 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2013.05.23 23:11:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2013.05.23 23:11:20 | 001,606,944 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2013.05.23 23:11:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.05.23 23:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hama
[2013.05.23 23:10:02 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.23 23:10:02 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Searches
[2013.05.23 23:10:02 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.23 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Identities
[2013.05.23 23:09:51 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Contacts
[2013.05.23 23:09:49 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\VirtualStore
[2013.05.23 23:09:41 | 000,000,000 | --SD | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Videos
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Saved Games
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Pictures
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Music
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Links
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Favorites
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Downloads
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Documents
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Desktop
[2013.05.23 23:09:41 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Vorlagen
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\AppData\Local\Verlauf
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\AppData\Local\Temporary Internet Files
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Startmenü
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\SendTo
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Recent
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Netzwerkumgebung
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Lokale Einstellungen
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Documents\Eigene Videos
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Documents\Eigene Musik
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Eigene Dateien
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Documents\Eigene Bilder
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Druckumgebung
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Cookies
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\AppData\Local\Anwendungsdaten
[2013.05.23 23:09:41 | 000,000,000 | -HSD | C] -- C:\Users\Nyarlathothep\Anwendungsdaten
[2013.05.23 23:09:41 | 000,000,000 | -H-D | C] -- C:\Users\Nyarlathothep\AppData
[2013.05.23 23:09:41 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Temp
[2013.05.23 23:09:41 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Local\Microsoft
[2013.05.23 23:09:41 | 000,000,000 | ---D | C] -- C:\Users\Nyarlathothep\AppData\Roaming\Media Center Programs
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.23 23:09:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.23 22:56:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.23 22:54:28 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.23 22:54:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.05.22 22:41:13 | 000,000,000 | R--D | C] -- C:\Users\Nyarlathothep\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 02:14:02 | 000,000,032 | ---- | M] () -- C:\Users\Nyarlathothep\Desktop\OTL.7z
[2013.06.03 01:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 01:32:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 23:33:26 | 000,377,856 | ---- | M] () -- C:\Users\Nyarlathothep\Desktop\gmer_2.1.19163.exe
[2013.06.02 23:30:31 | 000,050,477 | ---- | M] () -- C:\Users\Nyarlathothep\Desktop\Defogger.exe
[2013.06.02 23:09:27 | 000,016,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 23:09:27 | 000,016,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 23:06:12 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.02 23:06:12 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.02 23:06:12 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.02 23:06:12 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.02 23:06:12 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.02 23:00:52 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.06.02 23:00:19 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013.06.02 23:00:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 22:59:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 22:59:17 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 22:59:16 | 587,427,111 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.30 03:05:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.30 03:05:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.30 00:26:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.05.29 20:03:53 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Scan.job
[2013.05.29 04:29:01 | 000,333,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.29 04:08:21 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.28 23:52:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nyarlathothep\Desktop\OTL.exe
[2013.05.28 01:22:09 | 000,000,000 | ---- | M] () -- C:\Users\Nyarlathothep\defogger_reenable
[2013.05.24 13:10:39 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2013.05.24 12:59:39 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.05.24 12:58:53 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.05.24 12:57:13 | 000,033,488 | ---- | M] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2013.05.24 12:57:13 | 000,000,326 | ---- | M] () -- C:\Users\Nyarlathothep\Documents\robot.voxal
[2013.05.24 12:57:13 | 000,000,274 | ---- | M] () -- C:\Users\Nyarlathothep\Documents\distorted.voxal
[2013.05.24 12:57:13 | 000,000,139 | ---- | M] () -- C:\Users\Nyarlathothep\Documents\chipmunk.voxal
[2013.05.24 12:43:41 | 000,001,647 | ---- | M] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CircleDock - Verknüpfung.lnk
[2013.05.24 10:33:11 | 000,001,053 | ---- | M] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.24 10:23:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.24 10:06:01 | 000,029,696 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtscsibus.sys
[2013.05.24 09:16:15 | 001,558,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.24 08:54:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.24 01:26:57 | 000,002,389 | ---- | M] () -- C:\Users\Nyarlathothep\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2013.05.23 23:19:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.23 23:19:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.23 23:19:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.23 23:11:51 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2013.05.23 23:05:21 | 000,057,035 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.23 23:05:21 | 000,057,035 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.23 22:59:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.06.03 00:47:43 | 000,000,032 | ---- | C] () -- C:\Users\Nyarlathothep\Desktop\OTL.7z
[2013.06.02 23:33:15 | 000,377,856 | ---- | C] () -- C:\Users\Nyarlathothep\Desktop\gmer_2.1.19163.exe
[2013.06.02 23:30:31 | 000,050,477 | ---- | C] () -- C:\Users\Nyarlathothep\Desktop\Defogger.exe
[2013.06.02 22:59:16 | 587,427,111 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.30 03:05:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.30 03:05:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.30 00:26:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.05.29 03:38:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.29 03:15:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.28 01:22:09 | 000,000,000 | ---- | C] () -- C:\Users\Nyarlathothep\defogger_reenable
[2013.05.24 13:12:05 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2013.05.24 13:10:39 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2013.05.24 13:00:53 | 000,001,827 | ---- | C] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.05.24 12:59:39 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.05.24 12:57:13 | 000,033,488 | ---- | C] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2013.05.24 12:57:13 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
[2013.05.24 12:43:41 | 000,001,647 | ---- | C] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CircleDock - Verknüpfung.lnk
[2013.05.24 11:25:22 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013.05.24 11:25:18 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad.lnk
[2013.05.24 11:25:14 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2013.05.24 11:24:47 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk
[2013.05.24 11:05:28 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Scan.job
[2013.05.24 10:48:50 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.05.24 10:48:50 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.05.24 10:48:50 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.05.24 10:33:11 | 000,001,053 | ---- | C] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.24 10:27:11 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 10:27:10 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 10:24:46 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2013.05.24 10:23:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.24 10:18:35 | 000,394,185 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.05.24 09:58:21 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.05.24 09:57:46 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.05.24 09:57:40 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013.05.24 09:23:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 09:16:15 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.24 08:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.24 01:26:50 | 000,002,389 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\Firefox-Wiederherstellungs-Schlüssel.html
[2013.05.24 01:04:32 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.05.23 23:58:32 | 036,000,054 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\SAM_5401.bmp
[2013.05.23 23:58:32 | 000,002,574 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\Zertifikat halt, kA, was Windows da will.pfx
[2013.05.23 23:58:31 | 000,005,459 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\AutoHotkey.ahk
[2013.05.23 23:58:31 | 000,000,326 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\robot.voxal
[2013.05.23 23:58:31 | 000,000,274 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\distorted.voxal
[2013.05.23 23:58:31 | 000,000,139 | ---- | C] () -- C:\Users\Nyarlathothep\Documents\chipmunk.voxal
[2013.05.23 23:37:25 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.23 23:11:51 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2013.05.23 23:11:38 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2013.05.23 23:11:37 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013.05.23 23:11:21 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2013.05.23 23:11:21 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2013.05.23 23:11:20 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2013.05.23 23:11:20 | 000,147,456 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2013.05.23 23:10:10 | 000,001,409 | ---- | C] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.23 23:10:04 | 000,001,443 | ---- | C] () -- C:\Users\Nyarlathothep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.23 23:05:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.23 23:04:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.23 22:59:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.23 22:54:08 | 535,683,071 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.24 13:13:19 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Azureus
[2013.05.24 10:06:11 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\DAEMON Tools Ultra
[2013.05.24 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\doublefine
[2013.06.03 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Dropbox
[2013.05.28 22:14:48 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\foobar2000
[2013.05.24 09:56:53 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Foxit Software
[2013.05.24 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\LibreOffice
[2013.05.25 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Origin
[2013.05.24 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\RaimaRadioPro
[2013.05.24 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Razer
[2013.05.27 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Samsung
[2013.05.24 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Spotify
[2013.05.24 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\Wargaming.net
[2013.05.28 22:22:27 | 000,000,000 | ---D | M] -- C:\Users\Nyarlathothep\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/CODE]

Thank you very much!


03.06.2013, 01:44   #6
aharonov
/// TB Trainer

Good, let's ask two more scanners what else they see.


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&SearchSource=2&CUI=UN20362629623244930&UM=1&q="
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread



Step 2

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 3


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck

04.06.2013, 01:25   #7
Morbox

Okay, a few things were found again:

OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&SearchSource=2&CUI=UN20362629623244930&UM=1&q=" removed from keyword.URL
HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3777224684-1492562671-3333306322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nyarlathothep
->Temp folder emptied: 627032519 bytes
->Temporary Internet Files folder emptied: 66537407 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 382719669 bytes
->Flash cache emptied: 969 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9695131 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46456280 bytes
RecycleBin emptied: 46440019 bytes
 
Total Files Cleaned = 1.124,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_150058

Files\Folders moved on Reboot...
C:\Users\Nyarlathothep\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nyarlathothep :: RHEA [Administrator]

Schutz: Aktiviert

03.06.2013 15:09:51
mbam-log-2013-06-03 (15-09-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211704
Laufzeit: 3 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Securitycheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3f84e404353c034d8e27a69cd2bc7ebb
# engine=13981
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-04 12:12:23
# local_time=2013-06-04 02:12:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 40615 960908 33401 0
# compatibility_mode=5893 16776574 66 85 532137 121934593 0 0
# scanned=724398
# found=3
# cleaned=0
# scan_time=39218
sh=0947674BF32E76D5F30192230027B16C00A5CC81 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\Nyarlathothep\AppData\Local\Chromium\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd\1.112_0\contentscript.js"
sh=F4E1A0B30C2633EC3585AEDEB8E3164CF1D0694F ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="E:\Images\The.Elder.Scrolls.V.Skyrim.Dragonborn.Addon.DLC-RELOADED\rld-tesvskdb.iso"
sh=16DE598F2862D766615092C989EEE366A709B05A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="G:\CRONOS\Backup Set 2011-10-09 190002\Backup Files 2011-10-09 190002\Backup files 9.zip"
         
There. Thanks!

04.06.2013, 10:34   #8
aharonov
/// TB Trainer

Hello,

no more serious findings. But Service Pack 1 is missing, which is rather less good..


Step 1
  • Please start OTL.exe.
  • Now copy the following contents of the code box into the text box.
    Important: If you have obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:files
C:\Users\Nyarlathothep\AppData\Local\Chromium\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd
E:\Images\The.Elder.Scrolls.V.Skyrim.Dragonborn.Addon.DLC-RELOADED
         
  • Now please close all other programs.
  • Now click the Fix button.



Step 2
  • Please go to Start --> All Programs --> Windows Update.
  • Then click Check for updates on the left and wait until the search has finished.
  • Then press Install updates.
  • After the installation has finished, restart the computer.
  • Repeat these steps until no new updates are available.

If Service Pack 1 could not be installed this way, then:
Download Service Pack 1 for Windows 7 and install it.



Step 3
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • Log from SecurityCheck
__________________
cheers,
Leo

04.06.2013, 21:18   #9
Morbox

So, here:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

04.06.2013, 21:32   #10
aharonov
/// TB Trainer

Hm, that didn't work for Service Pack 1 that way. Then manually instead:


Step 1

Download Service Pack 1 for Windows 7 and install it.



Step 2
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • Log from SecurityCheck
__________________
cheers,
Leo

08.06.2013, 22:45   #11
aharonov
/// TB Trainer

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you in the next 24 hours, I will assume that the topic is resolved and remove it from my subscriptions.
__________________
cheers,
Leo

10.06.2013, 13:16   #12
aharonov
/// TB Trainer

No response
This topic has been removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Send me a PM if you want to continue the topic after all. Then we will carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo

13.06.2013, 00:02   #13
Morbox

Sorry for the late reply. I was busy. But it looks good anyway.

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Thanks again for everything (unless there's still something else)
