| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: email gehackt überprüft durch BSI-sicherheitstestWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.01.2014, 13:24
| #1 |
 |  email gehackt überprüft durch BSI-sicherheitstest ich hatte gestern in der Zeitung das gelesen das im Dezember über 16 Mio. emailadressen geknackt wurden sind, und man diese bzw man kann auf der Seite hxxp://www.sicherheitstest.bsi.de seine mail überprüfen ob sie dabei ist!! hab ich gemacht und ca. 30min später diese Mail erhalten: Sehr geehrte Dame, sehr geehrter Herr, Sie haben diese E-Mail erhalten, weil die E-Mail-Adresse webmaster@rxxxxxxe.de auf der Webseite www.sicherheitstest.bsi.de eingegeben und überprüft wurde. Die von Ihnen angegebene E-Mail-Adresse webmaster@ricoteube.de wurde zusammen mit dem Kennwort eines mit dieser E-Mail-Adresse verknüpften Online-Kontos von kriminellen Botnetzbetreibern gespeichert. Dieses Konto verwenden Sie möglicherweise bei einem Sozialen Netzwerk, einem Online-Shop, einem E-Mail-Dienst, beim Online-Banking oder einem anderen Internet-Dienst. so also ist meine auch gehackt wurden !! ich habe schon einige scans durchgeführt . OTL txt Code:
ATTFilter OTL logfile created on: 19.01.2014 19:16:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rico\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 30,17% Memory free 8,00 Gb Paging File | 3,32 Gb Available in Paging File | 41,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 232,07 Gb Free Space | 49,84% Space Free | Partition Type: NTFS Computer Name: RICO-PC | User Name: Rico | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rico\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe () PRC - C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe (Overwolf) PRC - C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings\x64\BisonMnt.exe (ALi) PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Rico\AppData\Local\Temp\sfamcc00001.dll () MOD - C:\Users\Rico\AppData\Local\Temp\sfareca00001.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe () MOD - C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll () MOD - C:\Program Files (x86)\Overwolf\CoreAudioApi.dll () MOD - C:\Program Files (x86)\Overwolf\OWService.dll () MOD - C:\Program Files (x86)\Overwolf\OWExplorer-20125.dll () MOD - C:\Program Files (x86)\Overwolf\OWAgent.dll () MOD - C:\Program Files (x86)\Overwolf\OWLog.dll () MOD - C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll () MOD - C:\Program Files (x86)\Overwolf\OWServer.dll () MOD - C:\Programme\AVAST Software\Avast\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\509f36ec564b9ad2bb2ffda3d4a3b5fc\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\8b5820f1ec9218f4d824680844cef0aa\System.AddIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\35a6b66e089f9164215c96127a0c6276\System.AddIn.Contract.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Windows\system\BisonCam.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation) SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswndisflt.sys (AVAST Software) DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (MirayVirtualDisk) -- C:\Windows\SysNative\drivers\mvd.sys (Miray) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\smserial.sys (Motorola Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV:64bit: - (Si3531) -- C:\Windows\SysNative\drivers\Si3531.sys (Silicon Image, Inc) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (cam) -- C:\Windows\SysNative\drivers\BisonCam.sys (Bison Electronics. Inc. ) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider) DRV - (cleanhlp) -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 B1 4F 2E 75 2C CE 01 [binary data] IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes,DefaultScope = {E50F5235-42F7-4645-A154-1273E9B07D79} IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{0E43910A-5DD5-4ED8-AE84-3F9F57E1BDCC}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=4a2cdd017bde441686a3bd96090f9767&tu=11J3y00Be1B0Ca0&sku=&tstsId=&ver=&&r=502 IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{5F33918C-4091-439E-B1F9-657D6F60E62F}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{612DD442-8392-467E-99AE-68F0376E1CA9}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{E50F5235-42F7-4645-A154-1273E9B07D79}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\SearchScopes\{E7359880-4F31-44D2-B6B6-D806AC158565}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:7.5 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70 FF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:3.0.0.0 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.12.28 10:23:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.01.16 15:43:33 | 000,000,000 | ---D | M] [2013.05.26 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Extensions [2014.01.17 20:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\3w7xw9pt.default\extensions [2013.12.23 22:08:58 | 000,395,578 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\ffext_basicvideoext@startpage24.xpi [2014.01.17 18:56:13 | 000,095,372 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\pluswinks@PlusWinks.xpi [2013.08.14 12:28:12 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013.11.03 19:44:48 | 000,022,189 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{4ffdbce8-e472-482b-9e41-f464737776a5}.xpi [2013.06.26 15:24:23 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013.12.21 22:00:06 | 000,152,142 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014.01.17 19:04:24 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.11.02 12:30:32 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014.01.17 20:19:43 | 000,287,587 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\3w7xw9pt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.12.20 11:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.12.20 11:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.20 11:41:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.12.28 10:23:31 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.de/ CHR - Extension: Session Manager = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\ CHR - Extension: Tampermonkey = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0\ CHR - Extension: avast! Online Security = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\ CHR - Extension: Google Wallet = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\ O1 HOSTS File: ([2014.01.14 23:06:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (PROMT) - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Display Cache] C:\ProgramData\Display Fusion Cache0\wtnwkloct.exe (The Privoxy team - www.privoxy.org) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2666592708-3794203733-3362275663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Internet-Suche - C:\Program Files (x86)\PRMT8\PRMTIE\search.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Seite übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\page.htm () O8:64bit: - Extra context menu item: Übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\translat.htm () O8:64bit: - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O8:64bit: - Extra context menu item: Unbekannte Wörter - C:\Program Files (x86)\PRMT8\PRMTIE\infopanel.htm () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Internet-Suche - C:\Program Files (x86)\PRMT8\PRMTIE\search.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\page.htm () O8 - Extra context menu item: Übersetzen - C:\Program Files (x86)\PRMT8\PRMTIE\translat.htm () O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O8 - Extra context menu item: Unbekannte Wörter - C:\Program Files (x86)\PRMT8\PRMTIE\infopanel.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files (x86)\PRMT8\PRMTIE\options.htm () O9 - Extra 'Tools' menuitem : Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie5.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49946C3B-AD92-4FDA-858E-16D0CD604277}: DhcpNameServer = 192.168.5.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64772372-55CF-409F-8706-2A36E2D4D2E6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.27 10:19:29 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.19 19:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2014.01.19 19:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2014.01.19 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2014.01.19 18:57:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Display Fusion Cache0 [2014.01.19 16:22:28 | 000,000,000 | ---D | C] -- C:\Windows\BisonCam [2014.01.19 16:20:15 | 000,742,312 | ---- | C] (Bison Electronics. Inc. ) -- C:\Windows\SysNative\drivers\BisonCam.sys [2014.01.19 16:20:15 | 000,226,304 | ---- | C] (Bison Inc.) -- C:\Windows\SysNative\BisonR64.dll [2014.01.19 16:20:15 | 000,180,224 | ---- | C] (Bison Inc.) -- C:\Windows\SysWow64\BisonRem.dll [2014.01.19 16:20:15 | 000,180,224 | ---- | C] (Bison Inc.) -- C:\Windows\SysNative\BisonRem.dll [2014.01.17 15:43:19 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014.01.17 15:42:49 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014.01.17 15:42:49 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014.01.17 15:42:49 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014.01.17 12:39:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\City Interactive [2014.01.17 12:37:37 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2014.01.17 12:37:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2014.01.17 12:37:37 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2014.01.17 12:37:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2014.01.17 12:37:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2014.01.17 12:37:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2014.01.17 12:37:27 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2014.01.17 12:37:27 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2014.01.17 12:37:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2014.01.17 12:37:25 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2014.01.17 12:37:23 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2014.01.17 12:37:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2014.01.17 12:37:19 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2014.01.17 12:37:19 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2014.01.17 12:37:19 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2014.01.17 12:37:19 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2014.01.17 12:37:14 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2014.01.17 12:37:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2014.01.17 12:36:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2014.01.17 12:36:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2014.01.17 12:36:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2014.01.17 12:36:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2014.01.17 12:36:47 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2014.01.17 12:36:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2014.01.17 12:36:42 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2014.01.17 12:36:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2014.01.17 12:36:42 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2014.01.17 12:36:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2014.01.17 12:36:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2014.01.17 12:36:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2014.01.17 12:36:39 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2014.01.17 12:36:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2014.01.17 12:36:34 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2014.01.17 12:36:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2014.01.17 12:36:34 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2014.01.17 12:36:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2014.01.17 12:36:22 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2014.01.17 12:36:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2014.01.17 12:36:14 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2014.01.17 12:36:14 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2014.01.17 12:36:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2014.01.17 12:36:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2014.01.17 12:35:59 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2014.01.17 12:35:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2014.01.17 12:35:55 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2014.01.17 12:35:55 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2014.01.17 12:35:55 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2014.01.17 12:35:55 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2014.01.17 12:35:51 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2014.01.17 12:35:51 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2014.01.17 12:35:49 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2014.01.17 12:35:49 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2014.01.17 12:35:44 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2014.01.17 12:35:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2014.01.17 12:35:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2014.01.17 12:35:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2014.01.17 12:35:37 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2014.01.17 12:35:37 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2014.01.17 12:35:35 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2014.01.17 12:35:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2014.01.17 12:35:30 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2014.01.17 12:35:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2014.01.17 12:35:27 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2014.01.17 12:35:27 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2014.01.17 12:35:20 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2014.01.17 12:35:20 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2014.01.17 12:35:13 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2014.01.17 12:35:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2014.01.17 12:35:13 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2014.01.17 12:35:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2014.01.17 12:34:56 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2014.01.17 12:34:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2014.01.17 12:34:56 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2014.01.17 12:34:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2014.01.17 12:34:50 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2014.01.17 12:34:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2014.01.17 12:34:48 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2014.01.17 12:34:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2014.01.17 12:34:43 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2014.01.17 12:34:43 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2014.01.17 12:34:41 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2014.01.17 12:34:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2014.01.17 12:34:40 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2014.01.17 12:34:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2014.01.17 12:34:36 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2014.01.17 12:34:36 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2014.01.17 12:34:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2014.01.17 12:34:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2014.01.17 12:34:31 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2014.01.17 12:34:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2014.01.17 12:34:29 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2014.01.17 12:34:29 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2014.01.17 12:34:23 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2014.01.17 12:34:23 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2014.01.17 12:34:19 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2014.01.17 12:34:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2014.01.17 12:34:19 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2014.01.17 12:34:19 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2014.01.17 12:34:07 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2014.01.17 12:34:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2014.01.17 12:34:01 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2014.01.17 12:34:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2014.01.17 12:33:59 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2014.01.17 12:33:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2014.01.17 12:33:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2014.01.17 12:33:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2014.01.17 12:33:52 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2014.01.17 12:33:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2014.01.17 12:33:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2014.01.17 12:33:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2014.01.17 12:33:34 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2014.01.17 12:33:34 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2014.01.17 12:33:32 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2014.01.17 12:33:32 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2014.01.17 12:33:32 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2014.01.17 12:33:32 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2014.01.17 12:33:29 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2014.01.17 12:33:29 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2014.01.17 12:33:26 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2014.01.17 12:33:26 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2014.01.17 12:33:23 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2014.01.17 12:33:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2014.01.17 12:33:21 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2014.01.17 12:33:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2014.01.17 12:33:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2014.01.17 12:33:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2014.01.17 12:33:14 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2014.01.17 12:33:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2014.01.17 12:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive [2014.01.17 10:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Interactive [2014.01.15 02:28:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 02:28:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 02:28:02 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.14 23:39:10 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys [2014.01.14 23:06:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2014.01.14 22:46:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2014.01.10 13:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2014.01.10 13:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2014.01.09 12:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations [2014.01.02 10:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2014.01.02 10:23:53 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\HpUpdate [2014.01.02 10:23:44 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll [2014.01.02 10:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2014.01.02 10:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2014.01.02 10:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2014.01.02 10:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2014.01.02 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Local\HP [2013.12.28 10:23:38 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2013.12.27 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\NPL.15.0.02200 [2013.12.25 13:42:58 | 000,839,168 | ---- | C] (LaCourgette) -- C:\Users\Rico\Desktop\XVM_Updater.exe [2013.12.24 14:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2013.12.24 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2013.12.23 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Rico\.android [2013.12.23 13:31:16 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Local\cache [2013.12.23 13:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013.12.23 13:01:29 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\DigitalSites [2013.12.21 21:05:57 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\logfiles [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.19 19:05:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.19 19:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.19 19:04:59 | 000,003,619 | ---- | M] () -- C:\Windows\KernelMessage [2014.01.19 19:00:51 | 000,009,392 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140119_190047.reg [2014.01.19 18:47:04 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.19 18:47:04 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.19 12:05:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.19 10:45:54 | 000,002,528 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140119_104549.reg [2014.01.19 09:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.18 23:09:17 | 000,001,922 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2014.01.18 23:09:12 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2014.01.18 23:08:03 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2014.01.17 12:29:42 | 000,002,132 | ---- | M] () -- C:\Users\Rico\Desktop\Wolfschanze II.lnk [2014.01.17 11:19:35 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Control-Center.lnk [2014.01.17 11:19:35 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Webmailer.lnk [2014.01.17 11:19:35 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\1&1 EasyLogin.lnk [2014.01.16 16:38:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.01.16 16:38:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.01.16 11:14:16 | 001,629,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.16 11:14:16 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.16 11:14:16 | 000,657,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.16 11:14:16 | 000,150,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.16 11:14:16 | 000,123,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.15 13:29:25 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.01.15 03:21:14 | 000,494,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.15 00:06:08 | 000,199,113 | ---- | M] () -- C:\Users\Rico\AppData\Local\census.cache [2014.01.15 00:05:57 | 000,124,978 | ---- | M] () -- C:\Users\Rico\AppData\Local\ars.cache [2014.01.14 23:35:11 | 000,000,036 | ---- | M] () -- C:\Users\Rico\AppData\Local\housecall.guid.cache [2014.01.14 23:06:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2014.01.14 22:36:33 | 000,016,405 | ---- | M] () -- C:\Users\Rico\Documents\hijackthis14.01 [2014.01.12 09:39:54 | 000,001,000 | ---- | M] () -- C:\Users\Rico\Documents\MailShield.der [2014.01.10 13:39:00 | 000,000,196 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133857.reg [2014.01.10 13:38:37 | 000,012,518 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133827.reg [2014.01.10 13:37:58 | 000,175,518 | ---- | M] () -- C:\Users\Rico\Documents\cc_20140110_133744.reg [2014.01.10 13:31:08 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.01.10 13:08:58 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2014.01.09 12:26:54 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2014.01.08 22:23:49 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys [2014.01.07 15:10:42 | 000,226,431 | ---- | M] () -- C:\Users\Rico\Documents\kontoauszug 07.01.14 [2014.01.03 13:04:50 | 000,125,751 | ---- | M] () -- C:\Users\Rico\Documents\Kfz Steuern versicherung.xps [2014.01.03 13:04:01 | 000,133,668 | ---- | M] () -- C:\Users\Rico\Documents\Fahrkosten 2.xps [2014.01.03 13:03:32 | 000,129,810 | ---- | M] () -- C:\Users\Rico\Documents\Fahrkosten2012.xps [2014.01.02 10:23:41 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk [2014.01.02 10:14:24 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.12.28 10:25:36 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk [2013.12.28 10:25:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013.12.28 10:24:15 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2013.12.28 10:23:20 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.12.28 10:23:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.12.28 10:23:19 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.12.28 10:23:19 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.12.28 10:23:18 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.12.28 10:23:15 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.12.24 14:12:18 | 000,001,959 | ---- | M] () -- C:\Users\Rico\Desktop\Hex-Editor MX.lnk [2013.12.24 13:32:10 | 000,001,133 | ---- | M] () -- C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk [2013.12.24 04:46:24 | 000,839,168 | ---- | M] (LaCourgette) -- C:\Users\Rico\Desktop\XVM_Updater.exe [2013.12.21 21:04:30 | 000,000,000 | ---- | M] () -- C:\Users\Rico\defogger_reenable [2013.12.21 21:03:25 | 000,001,200 | ---- | M] () -- C:\Users\Rico\Desktop\gmer_2.1.19163 - Verknüpfung.lnk [2013.12.21 21:03:18 | 000,001,126 | ---- | M] () -- C:\Users\Rico\Desktop\FRST64 -.lnk [2013.12.21 21:03:06 | 000,000,747 | ---- | M] () -- C:\Users\Rico\Desktop\Defogger - Verknüpfung.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.19 19:00:49 | 000,009,392 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140119_190047.reg [2014.01.19 16:22:53 | 000,003,619 | ---- | C] () -- C:\Windows\KernelMessage [2014.01.19 16:20:15 | 000,180,224 | ---- | C] () -- C:\Windows\System\StillDrv.dll [2014.01.19 16:20:15 | 000,172,032 | ---- | C] () -- C:\Windows\System\BisonCam.dll [2014.01.19 16:20:15 | 000,135,168 | ---- | C] () -- C:\Windows\System\BisonVfw.dll [2014.01.19 16:20:15 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini [2014.01.19 16:20:15 | 000,013,448 | ---- | C] () -- C:\Windows\M2000Twn.src [2014.01.19 16:20:15 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20H0220.csr [2014.01.19 16:20:15 | 000,002,264 | ---- | C] () -- C:\Windows\System\S20F0220.csr [2014.01.19 10:45:52 | 000,002,528 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140119_104549.reg [2014.01.17 12:29:42 | 000,002,132 | ---- | C] () -- C:\Users\Rico\Desktop\Wolfschanze II.lnk [2014.01.17 11:19:35 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Webmailer.lnk [2014.01.15 00:06:08 | 000,199,113 | ---- | C] () -- C:\Users\Rico\AppData\Local\census.cache [2014.01.15 00:05:57 | 000,124,978 | ---- | C] () -- C:\Users\Rico\AppData\Local\ars.cache [2014.01.14 23:35:11 | 000,000,036 | ---- | C] () -- C:\Users\Rico\AppData\Local\housecall.guid.cache [2014.01.14 22:36:33 | 000,016,405 | ---- | C] () -- C:\Users\Rico\Documents\hijackthis14.01 [2014.01.10 13:38:59 | 000,000,196 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133857.reg [2014.01.10 13:38:35 | 000,012,518 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133827.reg [2014.01.10 13:37:48 | 000,175,518 | ---- | C] () -- C:\Users\Rico\Documents\cc_20140110_133744.reg [2014.01.10 13:31:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.01.09 12:26:54 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2014.01.07 15:10:40 | 000,226,431 | ---- | C] () -- C:\Users\Rico\Documents\kontoauszug 07.01.14 [2014.01.03 13:04:49 | 000,125,751 | ---- | C] () -- C:\Users\Rico\Documents\Kfz Steuern versicherung.xps [2014.01.03 13:04:01 | 000,133,668 | ---- | C] () -- C:\Users\Rico\Documents\Fahrkosten 2.xps [2014.01.03 13:03:32 | 000,129,810 | ---- | C] () -- C:\Users\Rico\Documents\Fahrkosten2012.xps [2014.01.02 10:38:14 | 000,001,922 | ---- | C] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk [2014.01.02 10:24:30 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk [2014.01.02 10:23:41 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk [2014.01.02 10:14:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.12.24 14:12:18 | 000,001,959 | ---- | C] () -- C:\Users\Rico\Desktop\Hex-Editor MX.lnk [2013.12.24 13:32:10 | 000,001,133 | ---- | C] () -- C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk [2013.12.23 13:18:53 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll [2013.12.23 13:18:53 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll [2013.12.23 13:18:51 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax [2013.12.23 13:18:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2013.12.23 13:18:38 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013.12.23 13:18:37 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013.12.21 21:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Rico\defogger_reenable [2013.12.21 21:03:25 | 000,001,200 | ---- | C] () -- C:\Users\Rico\Desktop\gmer_2.1.19163 - Verknüpfung.lnk [2013.12.21 21:03:18 | 000,001,126 | ---- | C] () -- C:\Users\Rico\Desktop\FRST64 -.lnk [2013.12.21 21:03:06 | 000,000,747 | ---- | C] () -- C:\Users\Rico\Desktop\Defogger - Verknüpfung.lnk [2013.12.12 17:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.11.27 23:02:58 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2013.10.18 13:35:39 | 000,011,491 | ---- | C] () -- C:\Windows\Studio7.ini [2013.10.18 13:34:29 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL [2013.10.18 13:34:29 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL [2013.10.18 13:34:29 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\Mamc32d.dll [2013.10.18 13:34:29 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL [2013.10.18 13:34:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL [2013.10.18 13:34:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL [2013.10.13 18:59:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.10.13 18:59:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.10.13 18:59:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.10.13 18:59:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.10.13 18:59:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.08.19 18:17:16 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2013.07.27 12:07:13 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini [2013.07.27 12:06:48 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini [2013.07.27 12:06:21 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL [2013.07.27 12:06:21 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\lmmonres.dll [2013.07.19 10:41:49 | 000,007,629 | ---- | C] () -- C:\Users\Rico\AppData\Local\Resmon.ResmonCfg [2013.05.28 18:32:52 | 000,000,216 | ---- | C] () -- C:\Windows\ulead32.ini [2013.05.25 10:03:59 | 001,603,652 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.04.18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.04.18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.04.18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.04.18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2013.03.21 15:29:42 | 000,207,928 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2013.03.21 15:29:42 | 000,138,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2013.03.21 15:29:42 | 000,074,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2013.03.21 15:29:40 | 000,319,032 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.08 13:10:54 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\7road [2013.12.04 03:30:32 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\AVAST Software [2013.05.25 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\CDXReader [2013.12.23 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DigitalSites [2013.08.12 21:00:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\GHISLER [2013.06.07 22:02:07 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ImgBurn [2013.05.27 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Keseling [2013.12.23 13:16:39 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\LavFilters [2013.11.24 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Lexware [2013.06.13 14:49:52 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\multilizer [2013.05.25 09:35:49 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\mypcdrivers [2014.01.19 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\NetSpeedMonitor [2013.11.03 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Opera Software [2013.06.14 13:44:19 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Samsung [2013.12.31 13:47:01 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TeamViewer [2013.05.26 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Thunderbird [2014.01.19 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TS3Client [2013.12.04 12:35:37 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Ulead Systems [2013.05.31 14:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Wargaming.net ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.18.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Rico :: RICO-PC [limitiert] 18.01.2014 20:43:42 mbam-log-2014-01-18 (20-43-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 227492 Laufzeit: 27 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) defrogger log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:42 on 18/01/2014 (Rico)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
|
22.01.2014, 13:53
| #2 |
| /// TB-Ausbilder   | email gehackt überprüft durch BSI-sicherheitstest Hallo,
__________________ja bei dir läuft solche Malware!  Warnung: InfostealerAus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Schritt 1 Scan mit Combofix
Schritt 2 Starte noch einmal FRST.
__________________ |
|
22.01.2014, 17:13
| #3 |
| | email gehackt überprüft durch BSI-sicherheitstest so combofix ist durch ohne fehlermeldung rechner neu gestartet automatisch und log erstellt.
__________________FRST gestartet und Logs erstellt. ach ja hab den großteil bzw die wichtigsten PW für email und anderes schon geändert mit Galaxy Tab (android)
__________________ |
|
22.01.2014, 17:18
| #4 |
| /// TB-Ausbilder | email gehackt überprüft durch BSI-sicherheitstest Ok, weiter: Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [Display Cache] - C:\ProgramData\Display Fusion Cache0\wtnwkloct.exe [348160 2014-01-18] (The Privoxy team - www.privoxy.org)
2014-01-19 18:57 - 2014-01-22 17:01 - 00000000 __SHD C:\ProgramData\Display Fusion Cache0
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.01.2014, 13:56
| #5 |
| | email gehackt überprüft durch BSI-sicherheitstest so alles durchgeführt: fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-01-2014
Ran by Rico at 2014-01-22 17:27:39 Run:1
Running from C:\Users\Rico\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Run: [Display Cache] - C:\ProgramData\Display Fusion Cache0\wtnwkloct.exe [348160 2014-01-18] (The Privoxy team - www.privoxy.org)
2014-01-19 18:57 - 2014-01-22 17:01 - 00000000 __SHD C:\ProgramData\Display Fusion Cache0
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Display Cache => Value not found.
C:\ProgramData\Display Fusion Cache0 => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.22.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Rico :: RICO-PC [Administrator] 22.01.2014 17:29:53 mbam-log-2014-01-22 (17-29-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228921 Laufzeit: 6 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ffe707fda465ce4581de7f3ffdd0d850
# engine=16754
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-22 08:17:52
# local_time=2014-01-22 09:17:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 82 1928030 4454481 0 0
# compatibility_mode=5893 16776574 100 94 267600 142051722 0 0
# scanned=243678
# found=1
# cleaned=0
# scan_time=12611
sh=4C62472AEF98C838C50309FA494B9AA6A8BE0997 ft=1 fh=31981823818e7d00 vn="Win32/AdWare.1ClickDownload.AQ application" ac=I fn="C:\Users\Rico\AppData\Roaming\Opera Software\Opera Stable\File System\000\t\00\00000000"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 02
Ran by Rico (administrator) on RICO-PC on 22-01-2014 21:27:31
Running from C:\Users\Rico\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
() C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [Ulead AutoDetector] - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [45056 2003-03-24] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [RealTray] - C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe [26112 2013-10-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35768 2013-12-09] (Overwolf)
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x26B14F2E752CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {E50F5235-42F7-4645-A154-1273E9B07D79} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKCU - {0E43910A-5DD5-4ED8-AE84-3F9F57E1BDCC} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=4a2cdd017bde441686a3bd96090f9767&tu=11J3y00Be1B0Ca0&sku=&tstsId=&ver=&&r=502
SearchScopes: HKCU - {5F33918C-4091-439E-B1F9-657D6F60E62F} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKCU - {612DD442-8392-467E-99AE-68F0376E1CA9} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKCU - {E50F5235-42F7-4645-A154-1273E9B07D79} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKCU - {E7359880-4F31-44D2-B6B6-D806AC158565} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - PROMT - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files (x86)\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.2
Tcpip\..\Interfaces\{64772372-55CF-409F-8706-2A36E2D4D2E6}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Video Downloader professional - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\ffext_basicvideoext@startpage24.xpi [2013-06-11]
FF Extension: PlusWinks - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\pluswinks@PlusWinks.xpi [2013-06-08]
FF Extension: Session Manager - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-05-28]
FF Extension: {4ffdbce8-e472-482b-9e41-f464737776a5} - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{4ffdbce8-e472-482b-9e41-f464737776a5}.xpi [2013-11-03]
FF Extension: ReloadEvery - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-06-21]
FF Extension: ImTranslator - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]
FF Extension: Tab Mix Plus - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-28]
FF Extension: Greasemonkey - C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-25]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Session Manager) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2013-12-21]
CHR Extension: (Tampermonkey) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-21]
CHR Extension: (avast! Online Security) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-02]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784 2013-11-08] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-28] (AVAST Software)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-09-05] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-05] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-12-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-28] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-28] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-28] ()
R3 cam; C:\Windows\System32\Drivers\BisonCam.sys [742312 2007-09-07] (Bison Electronics. Inc. )
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-09-30] (Emsisoft GmbH)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [47104 2007-01-08] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [108624 2013-02-15] (Miray)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2009-02-09] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2009-02-09] (Silicon Image, Inc.)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\cbfx\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 17:45 - 2014-01-22 17:45 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 17:43 - 2014-01-22 17:43 - 00347816 _____ (Microsoft Corporation) C:\Users\Rico\Downloads\MicrosoftFixit.Devices.RNP.31313582261217743.2.1.Run.exe
2014-01-22 17:40 - 2014-01-22 17:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Rico\Downloads\mbar-1.07.0.1008.exe
2014-01-22 17:28 - 2014-01-22 17:28 - 02347384 _____ (ESET) C:\Users\Rico\Downloads\esetsmartinstaller_enu.exe
2014-01-22 17:24 - 2014-01-22 17:27 - 00000241 _____ C:\Users\Rico\Desktop\Fixlist.txt
2014-01-22 17:04 - 2014-01-22 17:04 - 00034437 _____ C:\ComboFix.txt
2014-01-22 16:59 - 2014-01-22 16:59 - 00000782 _____ C:\Windows\PFRO.log
2014-01-22 16:38 - 2014-01-22 16:39 - 05173757 ____R (Swearware) C:\Users\Rico\Downloads\cbfx.exe
2014-01-22 16:34 - 2014-01-22 16:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Rico\Downloads\mbar-1.07.0.1008 (2).exe
2014-01-22 14:22 - 2014-01-22 15:57 - 00001204 _____ C:\Users\Rico\Downloads\Password Generator Settings.xml
2014-01-22 14:12 - 2014-01-22 14:16 - 00487424 _____ (murb) C:\Users\Rico\Downloads\PasswordGenerator_2.exe
2014-01-21 12:49 - 2014-01-21 12:49 - 00001047 _____ C:\Users\Public\Desktop\MyLanViewer.lnk
2014-01-21 12:49 - 2014-01-21 12:49 - 00000000 ____D C:\Program Files (x86)\MyLanViewer
2014-01-21 12:45 - 2014-01-21 12:48 - 07914706 _____ C:\Users\Rico\Downloads\LAN.rar
2014-01-20 22:01 - 2014-01-20 22:01 - 00001192 _____ C:\Users\Public\Desktop\3DMark.lnk
2014-01-20 21:59 - 2014-01-20 21:59 - 00000000 ____D C:\Program Files\Futuremark
2014-01-20 21:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-20 21:59 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-20 21:59 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-20 21:59 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-20 21:59 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-20 21:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-20 21:59 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-20 21:59 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-20 21:59 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-20 21:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-20 21:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-20 21:58 - 2014-01-20 21:58 - 00000359 _____ C:\Windows\DirectX.log
2014-01-20 21:58 - 2014-01-20 21:58 - 00000000 ____D C:\Program Files (x86)\Futuremark
2014-01-20 21:58 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-20 21:58 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-20 21:58 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-20 21:58 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-20 21:56 - 2014-01-20 21:58 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-20 14:40 - 2014-01-20 15:01 - 1007522262 _____ C:\Users\Rico\Downloads\3DMark-v1-2-250.zip
2014-01-19 19:28 - 2014-01-19 19:28 - 00157314 _____ C:\Users\Rico\Downloads\OTL.Txt
2014-01-19 19:28 - 2014-01-19 19:28 - 00073646 _____ C:\Users\Rico\Downloads\Extras.Txt
2014-01-19 19:23 - 2014-01-19 19:43 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-19 19:23 - 2014-01-19 19:23 - 02365840 _____ C:\Users\Rico\Downloads\SecurityTaskManager_Setup.exe
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-19 19:15 - 2014-01-19 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Rico\Downloads\OTL.exe
2014-01-19 19:00 - 2014-01-19 19:00 - 00009392 _____ C:\Users\Rico\Documents\cc_20140119_190047.reg
2014-01-19 18:56 - 2014-01-19 18:57 - 00000000 ____D C:\Users\Rico\Downloads\private_photo_archive
2014-01-19 18:52 - 2014-01-20 05:16 - 754869373 _____ C:\Users\Rico\Downloads\FujitsuSiemes_Amilo_xa2528_Treiber_Win7x64_WinXPx86_MultiUpload.biz.7z
2014-01-19 17:20 - 2014-01-19 17:20 - 17590890 _____ C:\Users\Rico\Downloads\FTS_RealtekHighDefinitionAudio_6015413_1012925.zip
2014-01-19 16:22 - 2014-01-22 10:05 - 00004672 _____ C:\Windows\KernelMessage
2014-01-19 16:22 - 2014-01-19 16:22 - 00000000 ____D C:\Windows\BisonCam
2014-01-19 16:20 - 2014-01-19 16:20 - 00000000 ____D C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings
2014-01-19 16:20 - 2007-09-07 00:00 - 00742312 _____ (Bison Electronics. Inc. ) C:\Windows\system32\Drivers\BisonCam.sys
2014-01-19 16:20 - 2007-09-07 00:00 - 00226304 _____ (Bison Inc.) C:\Windows\system32\BisonR64.dll
2014-01-19 16:20 - 2007-09-07 00:00 - 00180224 _____ (Bison Inc.) C:\Windows\SysWOW64\BisonRem.dll
2014-01-19 16:20 - 2007-09-07 00:00 - 00180224 _____ (Bison Inc.) C:\Windows\system32\BisonRem.dll
2014-01-19 16:20 - 2007-09-07 00:00 - 00180224 _____ () C:\Windows\system\StillDrv.dll
2014-01-19 16:20 - 2007-09-07 00:00 - 00135168 _____ () C:\Windows\system\BisonVfw.dll
2014-01-19 16:20 - 2007-09-07 00:00 - 00015190 _____ C:\Windows\M2000Twn.ini
2014-01-19 16:20 - 2007-09-07 00:00 - 00013448 _____ C:\Windows\M2000Twn.src
2014-01-19 16:20 - 2007-09-07 00:00 - 00002264 _____ C:\Windows\system\S20H0220.csr
2014-01-19 16:20 - 2007-09-07 00:00 - 00002264 _____ C:\Windows\system\S20F0220.csr
2014-01-19 16:15 - 2014-01-22 17:00 - 00000056 _____ C:\Windows\setupact.log
2014-01-19 16:15 - 2014-01-19 16:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 16:13 - 2014-01-19 16:13 - 01789597 _____ C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings.zip
2014-01-19 10:45 - 2014-01-19 10:45 - 00002528 _____ C:\Users\Rico\Documents\cc_20140119_104549.reg
2014-01-17 15:43 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-17 15:42 - 2014-01-17 15:42 - 00005298 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 15:42 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-17 15:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-17 15:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-17 12:39 - 2014-01-17 12:39 - 00000000 ____D C:\Users\Public\Documents\City Interactive
2014-01-17 12:37 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-01-17 12:37 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-01-17 12:37 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-01-17 12:37 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-01-17 12:37 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-01-17 12:37 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-01-17 12:37 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-01-17 12:37 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-01-17 12:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-01-17 12:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-01-17 12:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-01-17 12:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-01-17 12:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-01-17 12:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-01-17 12:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-01-17 12:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-01-17 12:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-01-17 12:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-01-17 12:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-01-17 12:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-01-17 12:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-01-17 12:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-01-17 12:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-01-17 12:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-01-17 12:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-01-17 12:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-01-17 12:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-01-17 12:35 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-01-17 12:35 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-01-17 12:35 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-01-17 12:35 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-01-17 12:35 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-01-17 12:35 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-01-17 12:35 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-01-17 12:35 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-01-17 12:35 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-01-17 12:35 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-01-17 12:35 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-01-17 12:35 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-01-17 12:35 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-01-17 12:35 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-01-17 12:35 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-01-17 12:35 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-01-17 12:35 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-01-17 12:35 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-01-17 12:35 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-01-17 12:35 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-01-17 12:35 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-01-17 12:35 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-01-17 12:35 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-01-17 12:34 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-01-17 12:34 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-01-17 12:34 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-01-17 12:34 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-01-17 12:34 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-01-17 12:34 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-01-17 12:34 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-01-17 12:34 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-01-17 12:34 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-17 12:34 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-01-17 12:34 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-01-17 12:34 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-01-17 12:34 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-01-17 12:34 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-01-17 12:34 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-01-17 12:34 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-01-17 12:34 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-01-17 12:34 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-17 12:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-17 12:34 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-01-17 12:34 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-01-17 12:34 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-01-17 12:34 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-01-17 12:34 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-01-17 12:34 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-01-17 12:34 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-01-17 12:34 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-01-17 12:33 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-01-17 12:33 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-01-17 12:33 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-01-17 12:33 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-01-17 12:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-01-17 12:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-01-17 12:33 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-01-17 12:33 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-01-17 12:33 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-01-17 12:33 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-01-17 12:33 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-01-17 12:33 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-01-17 12:33 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-01-17 12:33 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-01-17 12:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-01-17 12:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-01-17 12:33 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-01-17 12:33 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-01-17 12:33 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-01-17 12:33 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-01-17 12:33 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-01-17 12:33 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-01-17 12:33 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-01-17 12:33 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-01-17 12:33 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-01-17 12:33 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-01-17 12:29 - 2014-01-17 12:29 - 00002132 _____ C:\Users\Rico\Desktop\Wolfschanze II.lnk
2014-01-17 11:19 - 2014-01-17 11:19 - 00002085 _____ C:\Users\Public\Desktop\1&1 Webmailer.lnk
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Program Files (x86)\City Interactive
2014-01-16 12:15 - 2014-01-16 16:14 - 00003403 _____ C:\Users\Rico\LTE AVM Fritzbox anbieter.txt
2014-01-15 11:35 - 2014-01-15 11:36 - 35624160 _____ (Opera Software ASA) C:\Users\Rico\Downloads\Opera_Next_19.0.1326.26_Setup.exe
2014-01-15 02:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 02:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 02:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 00:06 - 2014-01-15 00:06 - 00199113 _____ C:\Users\Rico\AppData\Local\census.cache
2014-01-15 00:05 - 2014-01-15 00:05 - 00124978 _____ C:\Users\Rico\AppData\Local\ars.cache
2014-01-14 23:39 - 2012-06-05 08:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-01-14 23:35 - 2014-01-14 23:35 - 00000036 _____ C:\Users\Rico\AppData\Local\housecall.guid.cache
2014-01-14 23:34 - 2014-01-14 23:34 - 02002944 _____ (Trend Micro Inc.) C:\Users\Rico\Downloads\HousecallLauncher.exe
2014-01-14 23:31 - 2014-01-14 23:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\Rico\Downloads\cwshredder.exe
2014-01-14 22:36 - 2014-01-14 22:36 - 00016405 _____ C:\Users\Rico\Documents\hijackthis14.01
2014-01-14 22:35 - 2014-01-14 22:35 - 04101441 _____ C:\Users\Rico\Downloads\tdsskiller (1).zip
2014-01-14 21:50 - 2014-01-14 21:50 - 01236282 _____ C:\Users\Rico\Downloads\adwcleaner (1).exe
2014-01-10 20:35 - 2014-01-22 21:27 - 00000000 ____D C:\Users\Rico\Downloads\FRST-OlderVersion
2014-01-10 13:38 - 2014-01-10 13:39 - 00000196 _____ C:\Users\Rico\Documents\cc_20140110_133857.reg
2014-01-10 13:38 - 2014-01-10 13:38 - 00012518 _____ C:\Users\Rico\Documents\cc_20140110_133827.reg
2014-01-10 13:37 - 2014-01-10 13:37 - 00175518 _____ C:\Users\Rico\Documents\cc_20140110_133744.reg
2014-01-10 13:31 - 2014-01-10 13:31 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-10 13:31 - 2014-01-10 13:31 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-10 13:30 - 2014-01-10 13:31 - 00000000 ____D C:\Program Files\CCleaner
2014-01-10 13:28 - 2014-01-10 13:30 - 03571656 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup409_slim.exe
2014-01-10 13:22 - 2014-01-10 13:22 - 04101441 _____ C:\Users\Rico\Downloads\tdsskiller.zip
2014-01-10 13:16 - 2014-01-10 13:17 - 00841728 _____ (LaCourgette) C:\Users\Rico\Downloads\XVM_Updater (1).exe
2014-01-10 13:05 - 2014-01-10 13:05 - 12919946 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.1_setup.exe
2014-01-09 12:26 - 2014-01-09 12:26 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\ProgramData\Visan
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\ProgramData\HP Photo Creations
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2014-01-07 15:10 - 2014-01-07 15:10 - 00226431 _____ C:\Users\Rico\Documents\kontoauszug 07.01.14
2014-01-06 19:10 - 2014-01-06 19:10 - 00392149 _____ C:\Users\Rico\Downloads\154670 (1).user.js
2014-01-03 13:04 - 2014-01-03 13:04 - 00133668 _____ C:\Users\Rico\Documents\Fahrkosten 2.xps
2014-01-03 13:04 - 2014-01-03 13:04 - 00125751 _____ C:\Users\Rico\Documents\Kfz Steuern versicherung.xps
2014-01-03 13:03 - 2014-01-03 13:03 - 00129810 _____ C:\Users\Rico\Documents\Fahrkosten2012.xps
2014-01-02 10:28 - 2014-01-02 10:28 - 00003596 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2014-01-02 10:23 - 2014-01-09 12:34 - 00000000 ____D C:\Users\Rico\AppData\Roaming\HpUpdate
2014-01-02 10:23 - 2014-01-02 10:23 - 00002152 _____ C:\Users\Public\Desktop\HP Officejet 6700.lnk
2014-01-02 10:23 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2014-01-02 10:18 - 2014-01-02 10:18 - 00000000 ____D C:\ProgramData\HP
2014-01-02 10:17 - 2014-01-02 10:24 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-02 10:14 - 2014-01-02 10:14 - 00000057 _____ C:\ProgramData\Ament.ini
2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\Program Files\HP
2014-01-02 10:12 - 2014-01-02 12:06 - 00000000 ____D C:\Users\Rico\AppData\Local\HP
2013-12-28 10:23 - 2013-12-28 10:24 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-27 10:05 - 2013-09-19 19:54 - 00000000 ____D C:\Users\Rico\Desktop\NPL.15.0.02200
2013-12-25 15:55 - 2013-12-25 15:56 - 13276387 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.0_setup (1).exe
2013-12-25 15:55 - 2013-12-25 15:55 - 13276387 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.0_setup.exe
2013-12-25 13:42 - 2013-12-25 13:42 - 00572380 _____ C:\Users\Rico\Downloads\XVM_Updater.rar
2013-12-25 13:42 - 2013-12-24 04:46 - 00839168 _____ (LaCourgette) C:\Users\Rico\Desktop\XVM_Updater.exe
2013-12-25 13:41 - 2013-12-25 13:41 - 07287268 _____ C:\Users\Rico\Downloads\xvm-5.0.2-test1.zip
2013-12-24 14:12 - 2013-12-24 14:12 - 00001959 _____ C:\Users\Rico\Desktop\Hex-Editor MX.lnk
2013-12-24 14:11 - 2013-12-24 14:11 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX
2013-12-24 13:32 - 2013-12-24 13:32 - 00001133 _____ C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk
2013-12-24 13:31 - 2013-12-24 14:14 - 206046202 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part4.rar
2013-12-24 10:37 - 2013-12-24 11:30 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part3.rar
2013-12-24 09:36 - 2013-12-24 10:29 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part2.rar
2013-12-23 13:50 - 2013-12-23 13:50 - 01034531 _____ (Thisisu) C:\Users\Rico\Downloads\JRT (1).exe
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\Users\Rico\AppData\Local\cache
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\Users\Rico\.android
2013-12-23 13:30 - 2013-12-23 13:30 - 00000000 _____ C:\Users\Rico\daemonprocess.txt
2013-12-23 13:18 - 2011-05-30 14:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-12-23 13:18 - 2011-05-30 14:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-12-23 13:18 - 2011-05-23 10:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-12-23 13:18 - 2011-05-23 08:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-12-23 13:18 - 2011-05-23 08:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-12-23 13:18 - 2011-05-23 08:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-12-23 13:13 - 2013-12-23 13:34 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-23 13:01 - 2013-12-23 13:01 - 00003224 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-23 13:01 - 2013-12-23 13:01 - 00000000 ____D C:\Users\Rico\AppData\Roaming\DigitalSites
2013-12-23 12:37 - 2013-12-23 15:13 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part1.rar
==================== One Month Modified Files and Folders =======
2014-01-22 21:28 - 2013-05-25 09:13 - 00000000 ____D C:\Users\Rico\AppData\Roaming\Skype
2014-01-22 21:27 - 2014-01-10 20:35 - 00000000 ____D C:\Users\Rico\Downloads\FRST-OlderVersion
2014-01-22 21:27 - 2013-12-21 20:58 - 02077696 _____ (Farbar) C:\Users\Rico\Downloads\FRST64.exe
2014-01-22 21:27 - 2013-10-13 14:10 - 00024000 _____ C:\Users\Rico\Downloads\FRST.txt
2014-01-22 21:27 - 2013-10-10 20:46 - 00000000 ____D C:\FRST
2014-01-22 21:27 - 2013-06-05 09:09 - 00000000 ____D C:\Users\Rico\AppData\Roaming\NetSpeedMonitor
2014-01-22 21:05 - 2013-05-26 17:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 21:05 - 2013-04-01 11:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 17:51 - 2013-03-29 13:49 - 01164341 _____ C:\Windows\WindowsUpdate.log
2014-01-22 17:45 - 2014-01-22 17:45 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-22 17:43 - 2014-01-22 17:43 - 00347816 _____ (Microsoft Corporation) C:\Users\Rico\Downloads\MicrosoftFixit.Devices.RNP.31313582261217743.2.1.Run.exe
2014-01-22 17:40 - 2014-01-22 17:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Rico\Downloads\mbar-1.07.0.1008.exe
2014-01-22 17:39 - 2010-11-21 07:50 - 00703214 _____ C:\Windows\system32\perfh007.dat
2014-01-22 17:39 - 2010-11-21 07:50 - 00150822 _____ C:\Windows\system32\perfc007.dat
2014-01-22 17:39 - 2009-07-14 06:13 - 01629372 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 17:28 - 2014-01-22 17:28 - 02347384 _____ (ESET) C:\Users\Rico\Downloads\esetsmartinstaller_enu.exe
2014-01-22 17:27 - 2014-01-22 17:24 - 00000241 _____ C:\Users\Rico\Desktop\Fixlist.txt
2014-01-22 17:09 - 2013-10-10 20:57 - 00033347 _____ C:\Users\Rico\Downloads\Addition.txt
2014-01-22 17:07 - 2009-07-14 05:45 - 00021120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 17:07 - 2009-07-14 05:45 - 00021120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 17:04 - 2014-01-22 17:04 - 00034437 _____ C:\ComboFix.txt
2014-01-22 17:04 - 2013-10-13 18:59 - 00000000 ____D C:\Qoobox
2014-01-22 17:00 - 2014-01-19 16:15 - 00000056 _____ C:\Windows\setupact.log
2014-01-22 17:00 - 2013-06-09 17:30 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-22 17:00 - 2013-04-01 11:14 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 17:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 17:00 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-22 16:59 - 2014-01-22 16:59 - 00000782 _____ C:\Windows\PFRO.log
2014-01-22 16:58 - 2013-09-05 10:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-22 16:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2014-01-22 16:39 - 2014-01-22 16:38 - 05173757 ____R (Swearware) C:\Users\Rico\Downloads\cbfx.exe
2014-01-22 16:38 - 2013-10-13 18:04 - 05173757 _____ (Swearware) C:\Users\Rico\Downloads\ComboFix.exe
2014-01-22 16:35 - 2014-01-22 16:34 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Rico\Downloads\mbar-1.07.0.1008 (2).exe
2014-01-22 15:57 - 2014-01-22 14:22 - 00001204 _____ C:\Users\Rico\Downloads\Password Generator Settings.xml
2014-01-22 14:16 - 2014-01-22 14:12 - 00487424 _____ (murb) C:\Users\Rico\Downloads\PasswordGenerator_2.exe
2014-01-22 12:30 - 2013-04-01 11:13 - 00000000 ____D C:\Users\Rico\AppData\Local\Google
2014-01-22 10:06 - 2013-12-15 10:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-22 10:05 - 2014-01-19 16:22 - 00004672 _____ C:\Windows\KernelMessage
2014-01-21 12:49 - 2014-01-21 12:49 - 00001047 _____ C:\Users\Public\Desktop\MyLanViewer.lnk
2014-01-21 12:49 - 2014-01-21 12:49 - 00000000 ____D C:\Program Files (x86)\MyLanViewer
2014-01-21 12:48 - 2014-01-21 12:45 - 07914706 _____ C:\Users\Rico\Downloads\LAN.rar
2014-01-20 23:19 - 2013-05-26 17:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-20 23:19 - 2013-05-26 17:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-20 23:19 - 2013-05-26 17:39 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-20 22:01 - 2014-01-20 22:01 - 00001192 _____ C:\Users\Public\Desktop\3DMark.lnk
2014-01-20 21:59 - 2014-01-20 21:59 - 00000000 ____D C:\Program Files\Futuremark
2014-01-20 21:58 - 2014-01-20 21:58 - 00000359 _____ C:\Windows\DirectX.log
2014-01-20 21:58 - 2014-01-20 21:58 - 00000000 ____D C:\Program Files (x86)\Futuremark
2014-01-20 21:58 - 2014-01-20 21:56 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-20 21:55 - 2013-12-03 13:11 - 00000000 ____D C:\Users\Rico\Downloads\3DMark_v1-2_250
2014-01-20 15:01 - 2014-01-20 14:40 - 1007522262 _____ C:\Users\Rico\Downloads\3DMark-v1-2-250.zip
2014-01-20 05:16 - 2014-01-19 18:52 - 754869373 _____ C:\Users\Rico\Downloads\FujitsuSiemes_Amilo_xa2528_Treiber_Win7x64_WinXPx86_MultiUpload.biz.7z
2014-01-19 19:43 - 2014-01-19 19:23 - 00000000 ____D C:\ProgramData\SecTaskMan
2014-01-19 19:28 - 2014-01-19 19:28 - 00157314 _____ C:\Users\Rico\Downloads\OTL.Txt
2014-01-19 19:28 - 2014-01-19 19:28 - 00073646 _____ C:\Users\Rico\Downloads\Extras.Txt
2014-01-19 19:23 - 2014-01-19 19:23 - 02365840 _____ C:\Users\Rico\Downloads\SecurityTaskManager_Setup.exe
2014-01-19 19:23 - 2014-01-19 19:23 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2014-01-19 19:15 - 2014-01-19 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Rico\Downloads\OTL.exe
2014-01-19 19:02 - 2013-12-20 10:10 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-19 19:00 - 2014-01-19 19:00 - 00009392 _____ C:\Users\Rico\Documents\cc_20140119_190047.reg
2014-01-19 18:57 - 2014-01-19 18:56 - 00000000 ____D C:\Users\Rico\Downloads\private_photo_archive
2014-01-19 18:57 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-19 18:56 - 2013-11-25 18:36 - 00031232 ___SH C:\Users\Rico\AppData\Thumbs.db
2014-01-19 17:20 - 2014-01-19 17:20 - 17590890 _____ C:\Users\Rico\Downloads\FTS_RealtekHighDefinitionAudio_6015413_1012925.zip
2014-01-19 16:25 - 2009-07-14 03:34 - 00000640 _____ C:\Windows\win.ini
2014-01-19 16:22 - 2014-01-19 16:22 - 00000000 ____D C:\Windows\BisonCam
2014-01-19 16:20 - 2014-01-19 16:20 - 00000000 ____D C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings
2014-01-19 16:15 - 2014-01-19 16:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 16:13 - 2014-01-19 16:13 - 01789597 _____ C:\Users\Rico\Downloads\bison_webcam_windows_7_8_mixedfeelings.zip
2014-01-19 13:42 - 2013-08-12 19:46 - 00000000 ____D C:\Users\Rico\Desktop\stickdaten
2014-01-19 13:42 - 2013-06-04 22:15 - 00000000 ____D C:\Users\Rico\Downloads\6.x Q4_12 TrafficPattern
2014-01-19 13:42 - 2013-06-04 21:07 - 00000000 ____D C:\Users\Rico\Documents\Dokumentation für Medion Navi Mario
2014-01-19 13:38 - 2013-11-07 19:12 - 00000000 ____D C:\Users\Rico\Downloads\Phoneme
2014-01-19 13:38 - 2013-11-06 13:43 - 00000000 ____D C:\Users\Rico\Downloads\FSP
2014-01-19 13:38 - 2013-11-06 05:52 - 00000000 ____D C:\Users\Rico\Downloads\FPA
2014-01-19 13:37 - 2013-11-04 14:19 - 00000000 ____D C:\Users\Rico\Downloads\FDA
2014-01-19 10:54 - 2013-09-06 12:09 - 00000000 ____D C:\VCDS-Dt
2014-01-19 10:48 - 2013-10-13 19:37 - 00000000 ____D C:\Windows\pss
2014-01-19 10:45 - 2014-01-19 10:45 - 00002528 _____ C:\Users\Rico\Documents\cc_20140119_104549.reg
2014-01-19 10:45 - 2013-11-02 13:13 - 00000000 ____D C:\Users\Rico\AppData\Roaming\TS3Client
2014-01-19 03:20 - 2013-11-02 13:12 - 00000000 ____D C:\Users\Rico\AppData\Local\Overwolf
2014-01-18 16:42 - 2013-12-21 21:04 - 00000470 _____ C:\Users\Rico\Downloads\defogger_disable.log
2014-01-17 15:43 - 2013-12-16 21:40 - 00000000 ____D C:\ProgramData\Oracle
2014-01-17 15:42 - 2014-01-17 15:42 - 00005298 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 15:42 - 2013-12-16 21:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-17 12:39 - 2014-01-17 12:39 - 00000000 ____D C:\Users\Public\Documents\City Interactive
2014-01-17 12:29 - 2014-01-17 12:29 - 00002132 _____ C:\Users\Rico\Desktop\Wolfschanze II.lnk
2014-01-17 11:19 - 2014-01-17 11:19 - 00002085 _____ C:\Users\Public\Desktop\1&1 Webmailer.lnk
2014-01-17 11:19 - 2013-06-01 11:20 - 00002101 _____ C:\Users\Public\Desktop\1&1 Control-Center.lnk
2014-01-17 11:19 - 2013-06-01 11:20 - 00001153 _____ C:\Users\Public\Desktop\1&1 EasyLogin.lnk
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Program Files (x86)\City Interactive
2014-01-16 16:14 - 2014-01-16 12:15 - 00003403 _____ C:\Users\Rico\LTE AVM Fritzbox anbieter.txt
2014-01-16 13:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-16 12:15 - 2013-03-29 13:50 - 00000000 ____D C:\Users\Rico
2014-01-15 13:29 - 2013-04-01 11:15 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 11:36 - 2014-01-15 11:35 - 35624160 _____ (Opera Software ASA) C:\Users\Rico\Downloads\Opera_Next_19.0.1326.26_Setup.exe
2014-01-15 03:21 - 2009-07-14 05:45 - 00494392 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:04 - 2013-07-25 15:03 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:00 - 2013-05-24 13:51 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 00:06 - 2014-01-15 00:06 - 00199113 _____ C:\Users\Rico\AppData\Local\census.cache
2014-01-15 00:05 - 2014-01-15 00:05 - 00124978 _____ C:\Users\Rico\AppData\Local\ars.cache
2014-01-15 00:04 - 2013-10-15 13:12 - 00000000 ____D C:\Windows\Lhsp
2014-01-14 23:35 - 2014-01-14 23:35 - 00000036 _____ C:\Users\Rico\AppData\Local\housecall.guid.cache
2014-01-14 23:34 - 2014-01-14 23:34 - 02002944 _____ (Trend Micro Inc.) C:\Users\Rico\Downloads\HousecallLauncher.exe
2014-01-14 23:31 - 2014-01-14 23:31 - 00532480 _____ (Trend Micro Incorporated) C:\Users\Rico\Downloads\cwshredder.exe
2014-01-14 23:03 - 2013-10-13 18:58 - 00000000 ____D C:\Windows\erdnt
2014-01-14 22:39 - 2013-12-19 14:21 - 00000000 ____D C:\Users\Rico\Desktop\backups
2014-01-14 22:36 - 2014-01-14 22:36 - 00016405 _____ C:\Users\Rico\Documents\hijackthis14.01
2014-01-14 22:35 - 2014-01-14 22:35 - 04101441 _____ C:\Users\Rico\Downloads\tdsskiller (1).zip
2014-01-14 21:52 - 2013-09-05 09:31 - 00000000 ____D C:\AdwCleaner
2014-01-14 21:50 - 2014-01-14 21:50 - 01236282 _____ C:\Users\Rico\Downloads\adwcleaner (1).exe
2014-01-13 01:18 - 2013-05-24 13:42 - 00000000 ____D C:\Users\Rico\AppData\Roaming\Adobe
2014-01-12 20:09 - 2013-05-31 11:21 - 00000000 ____D C:\Users\Rico\AppData\Local\Adobe
2014-01-12 09:39 - 2013-12-17 00:50 - 00001000 _____ C:\Users\Rico\Documents\MailShield.der
2014-01-10 13:39 - 2014-01-10 13:38 - 00000196 _____ C:\Users\Rico\Documents\cc_20140110_133857.reg
2014-01-10 13:38 - 2014-01-10 13:38 - 00012518 _____ C:\Users\Rico\Documents\cc_20140110_133827.reg
2014-01-10 13:37 - 2014-01-10 13:37 - 00175518 _____ C:\Users\Rico\Documents\cc_20140110_133744.reg
2014-01-10 13:35 - 2013-05-26 11:56 - 00000000 ____D C:\Windows\Minidump
2014-01-10 13:35 - 2013-03-29 13:41 - 00000000 ____D C:\Windows\Panther
2014-01-10 13:31 - 2014-01-10 13:31 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-10 13:31 - 2014-01-10 13:31 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-10 13:31 - 2014-01-10 13:30 - 00000000 ____D C:\Program Files\CCleaner
2014-01-10 13:30 - 2014-01-10 13:28 - 03571656 _____ (Piriform Ltd) C:\Users\Rico\Downloads\ccsetup409_slim.exe
2014-01-10 13:22 - 2014-01-10 13:22 - 04101441 _____ C:\Users\Rico\Downloads\tdsskiller.zip
2014-01-10 13:17 - 2014-01-10 13:16 - 00841728 _____ (LaCourgette) C:\Users\Rico\Downloads\XVM_Updater (1).exe
2014-01-10 13:08 - 2013-05-31 12:23 - 00001637 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2014-01-10 13:05 - 2014-01-10 13:05 - 12919946 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.1_setup.exe
2014-01-09 12:34 - 2014-01-02 10:23 - 00000000 ____D C:\Users\Rico\AppData\Roaming\HpUpdate
2014-01-09 12:26 - 2014-01-09 12:26 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\ProgramData\Visan
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\ProgramData\HP Photo Creations
2014-01-09 12:26 - 2014-01-09 12:26 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2014-01-08 22:23 - 2013-05-25 17:38 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-07 15:10 - 2014-01-07 15:10 - 00226431 _____ C:\Users\Rico\Documents\kontoauszug 07.01.14
2014-01-06 19:10 - 2014-01-06 19:10 - 00392149 _____ C:\Users\Rico\Downloads\154670 (1).user.js
2014-01-03 13:04 - 2014-01-03 13:04 - 00133668 _____ C:\Users\Rico\Documents\Fahrkosten 2.xps
2014-01-03 13:04 - 2014-01-03 13:04 - 00125751 _____ C:\Users\Rico\Documents\Kfz Steuern versicherung.xps
2014-01-03 13:03 - 2014-01-03 13:03 - 00129810 _____ C:\Users\Rico\Documents\Fahrkosten2012.xps
2014-01-02 12:06 - 2014-01-02 10:12 - 00000000 ____D C:\Users\Rico\AppData\Local\HP
2014-01-02 10:38 - 2013-03-29 13:50 - 00000000 ___RD C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-02 10:28 - 2014-01-02 10:28 - 00003596 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2014-01-02 10:24 - 2014-01-02 10:17 - 00000000 ____D C:\Program Files (x86)\HP
2014-01-02 10:23 - 2014-01-02 10:23 - 00002152 _____ C:\Users\Public\Desktop\HP Officejet 6700.lnk
2014-01-02 10:18 - 2014-01-02 10:18 - 00000000 ____D C:\ProgramData\HP
2014-01-02 10:14 - 2014-01-02 10:14 - 00000057 _____ C:\ProgramData\Ament.ini
2014-01-02 10:14 - 2014-01-02 10:14 - 00000000 ____D C:\Program Files\HP
2013-12-31 13:47 - 2013-10-13 13:10 - 00000000 ____D C:\Users\Rico\AppData\Roaming\TeamViewer
2013-12-28 10:25 - 2013-12-02 08:57 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2013-12-28 10:25 - 2013-05-25 17:38 - 00001972 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-28 10:24 - 2013-12-28 10:23 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 10:23 - 2013-05-25 17:38 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-28 10:23 - 2013-05-25 17:38 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-28 10:23 - 2013-05-25 17:38 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-28 10:23 - 2013-05-25 17:38 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-28 10:23 - 2013-05-25 17:38 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-28 10:23 - 2013-05-25 17:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-25 15:56 - 2013-12-25 15:55 - 13276387 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.0_setup (1).exe
2013-12-25 15:55 - 2013-12-25 15:55 - 13276387 _____ (diclovit ) C:\Users\Rico\Downloads\dmp_1.9.0_setup.exe
2013-12-25 13:42 - 2013-12-25 13:42 - 00572380 _____ C:\Users\Rico\Downloads\XVM_Updater.rar
2013-12-25 13:41 - 2013-12-25 13:41 - 07287268 _____ C:\Users\Rico\Downloads\xvm-5.0.2-test1.zip
2013-12-24 14:14 - 2013-12-24 13:31 - 206046202 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part4.rar
2013-12-24 14:12 - 2013-12-24 14:12 - 00001959 _____ C:\Users\Rico\Desktop\Hex-Editor MX.lnk
2013-12-24 14:11 - 2013-12-24 14:11 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX
2013-12-24 13:32 - 2013-12-24 13:32 - 00001133 _____ C:\Users\Rico\Desktop\JRT (1) - Verknüpfung.lnk
2013-12-24 11:30 - 2013-12-24 10:37 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part3.rar
2013-12-24 10:29 - 2013-12-24 09:36 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part2.rar
2013-12-24 04:46 - 2013-12-25 13:42 - 00839168 _____ (LaCourgette) C:\Users\Rico\Desktop\XVM_Updater.exe
2013-12-23 15:13 - 2013-12-23 12:37 - 314572800 _____ C:\Users\Rico\Downloads\NPL.15.0.02200.part1.rar
2013-12-23 13:50 - 2013-12-23 13:50 - 01034531 _____ (Thisisu) C:\Users\Rico\Downloads\JRT (1).exe
2013-12-23 13:36 - 2013-05-25 11:35 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-12-23 13:34 - 2013-12-23 13:13 - 00000000 ____D C:\ProgramData\CheckPoint
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\Users\Rico\AppData\Local\cache
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\Users\Rico\.android
2013-12-23 13:30 - 2013-12-23 13:30 - 00000000 _____ C:\Users\Rico\daemonprocess.txt
2013-12-23 13:17 - 2013-05-25 11:36 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-12-23 13:16 - 2013-05-25 11:35 - 00000000 ____D C:\Users\Rico\AppData\Roaming\LavFilters
2013-12-23 13:01 - 2013-12-23 13:01 - 00003224 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-23 13:01 - 2013-12-23 13:01 - 00000000 ____D C:\Users\Rico\AppData\Roaming\DigitalSites
2013-12-23 12:54 - 2013-12-13 12:44 - 00000000 ____D C:\Users\Rico\Desktop\Günter Navi alt
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 00:21
==================== End Of Log ============================
--- --- --- wie sieht es denn damit jetzt aus mit den Lappi ? sauber oder noch nicht? adwcl. Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 23/01/2014 um 13:19:56
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Rico - RICO-PC
# Gestartet von : C:\Users\Rico\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\3w7xw9pt.default\prefs.js ]
-\\ Google Chrome v32.0.1700.76
[ Datei : C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3564 octets] - [05/09/2013 09:31:09]
AdwCleaner[R10].txt - [3179 octets] - [19/12/2013 14:26:49]
AdwCleaner[R11].txt - [4689 octets] - [23/12/2013 13:50:57]
AdwCleaner[R12].txt - [2349 octets] - [14/01/2014 21:50:26]
AdwCleaner[R13].txt - [2373 octets] - [23/01/2014 13:12:55]
AdwCleaner[R1].txt - [1273 octets] - [13/09/2013 11:25:40]
AdwCleaner[R2].txt - [3125 octets] - [10/10/2013 09:31:27]
AdwCleaner[R3].txt - [1334 octets] - [10/10/2013 20:06:02]
AdwCleaner[R4].txt - [1454 octets] - [10/10/2013 20:14:15]
AdwCleaner[R5].txt - [1514 octets] - [11/10/2013 15:45:53]
AdwCleaner[R6].txt - [1634 octets] - [13/10/2013 13:36:33]
AdwCleaner[R7].txt - [2442 octets] - [03/11/2013 12:51:05]
AdwCleaner[R8].txt - [9037 octets] - [08/11/2013 03:43:04]
AdwCleaner[R9].txt - [7106 octets] - [14/12/2013 01:02:34]
AdwCleaner[S0].txt - [3469 octets] - [05/09/2013 09:32:17]
AdwCleaner[S10].txt - [2413 octets] - [14/01/2014 21:52:08]
AdwCleaner[S11].txt - [1753 octets] - [23/01/2014 13:19:56]
AdwCleaner[S1].txt - [3022 octets] - [10/10/2013 09:34:53]
AdwCleaner[S2].txt - [1395 octets] - [10/10/2013 20:08:54]
AdwCleaner[S3].txt - [1575 octets] - [11/10/2013 16:11:07]
AdwCleaner[S4].txt - [1695 octets] - [13/10/2013 14:15:35]
AdwCleaner[S5].txt - [2455 octets] - [03/11/2013 13:07:22]
AdwCleaner[S6].txt - [5899 octets] - [08/11/2013 04:08:51]
AdwCleaner[S7].txt - [7143 octets] - [14/12/2013 01:10:17]
AdwCleaner[S8].txt - [3197 octets] - [19/12/2013 19:18:35]
AdwCleaner[S9].txt - [4649 octets] - [23/12/2013 13:52:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2354 octets] ##########
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
|
23.01.2014, 14:09
| #6 |
| /// TB-Ausbilder | email gehackt überprüft durch BSI-sicherheitstest Ja, sieht besser aus. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ --> email gehackt überprüft durch BSI-sicherheitstest |
|
23.01.2014, 15:47
| #7 |
| | email gehackt überprüft durch BSI-sicherheitstest so cleanup durchgeführt , hatte auch den HijackThis und eset Onlinescanner mit gekillt macht nix wird neu installiert . werde jetzt neues Benutzerkonto machen für onlinegaming und eins fürs arbeiten(Steuererklärung, Bildbearbeitung+Bestellung) und admin für Installation. ansonsten vielen Dank , werde auch die PW jetzt für alle Foren und sonstige Konten ändern. hab ja das Programm " Passwortgenerator 2 " und schreibe aktuell alle in ein Buch mit web-adresse und Benutzername. was würdest du empfehlen einen Stick mit den PW oder ne CD ?
__________________ Windows 10 pro 64 bit Opera 55.0 Vivaldi,FF.Thunderbird ESET IS |
|
| Themen zu email gehackt überprüft durch BSI-sicherheitstest |
| adobe, autorun, avast, bonjour, desktop, e-banking, e-mail, email, emsisoft, flash player, format, hijackthis, home, monitor.exe, mozilla, netzwerk, nodrives, officejet, photoshop, realtek, registry, senden, software, spyhunter, spyhunter entfernen, win32/adware.1clickdownload.aq |
