Trojaner-Board

KoksOor 27.10.2012 18:18

On Windows startup --> website not found
 
Hello, I recently caught a virus: my PC crashed. When I restarted it, a full-screen window appeared that said the website could not be found. So the first thing I did was run my Kaspersky Rescue Disk over it. When that found nothing, I started Windows in safe mode and removed a few things from my autostart. Since then the problem no longer occurs, but the virus is presumably still there somewhere, so I ran a full scan with my Avast antivir free, and it found a few things, which I moved to the virus chest (see screenshot). I would be glad if someone could help me clean my PC, because since the virus I no longer dare to use my online banking =(.
Thanks in advance =)
Here are my log files as well
Quote:

OTL logfile created on: 27.10.2012 17:51:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop\Trojaner Board
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,70% Memory free
8,00 Gb Paging File | 6,14 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 17,80 Gb Free Space | 18,23% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 446,62 Gb Free Space | 53,56% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 10,24 Gb Free Space | 1,10% Space Free | Partition Type: NTFS

Computer Name: ANNA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.27 17:43:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\Trojaner Board\OTL.exe
PRC - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.09.02 17:06:14 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.31 16:02:02 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.31 15:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.05 22:32:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Users\Tim\AppData\Roaming\QipGuard\QipGuard.exe
PRC - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files (x86)\QipGuard\QipGuard.exe
PRC - [2012.01.09 10:56:26 | 000,884,120 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
PRC - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.04.04 14:56:00 | 000,556,072 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011.01.05 11:08:58 | 000,315,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2010.11.22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.07.22 19:02:52 | 005,344,776 | ---- | M] (ASRock) -- C:\Program Files (x86)\ASRock Utility\OCTuner\ASROC.exe
PRC - [2010.06.18 12:54:54 | 002,181,744 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.08 22:31:07 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.03.23 16:55:32 | 000,185,808 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\QipGuard\chrome.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [1998.10.31 11:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool\TBManage.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.09.13 15:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.08 22:31:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.03 11:45:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.03 09:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 22:32:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.23 16:55:34 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2012.01.09 10:56:26 | 000,884,120 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
SRV - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.03.01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.01.21 17:22:30 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.01.21 17:20:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe -- (DfSdkS)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.13 02:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.27 19:44:09 | 000,025,216 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.08 17:31:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.08 17:31:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.05.10 14:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.05.10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.05.10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.05.10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 17:02:22 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.02.08 17:55:21 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.01.15 19:52:47 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.15 19:42:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.26 15:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 15:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 15:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 15:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 15:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 15:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.09.11 21:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.09.11 21:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.09.11 21:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009.09.11 21:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.11 21:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.13 02:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.11.04 14:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (Magic Tune)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011.03.08 06:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{AE5C0651-C0E2-4161-86E2-F61F7C6910E7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyI8KkmS8&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "hxxp://qip.ru"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.14 16:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.05 03:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.05 03:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.14 16:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.28 09:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.16 13:40:47 | 000,000,000 | ---D | M]

[2011.01.10 20:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.09.23 03:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions
[2011.05.23 22:17:37 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2012.07.16 20:57:35 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\1vgag5xr.default\extensions\ffxtlbr@incredibar.com
[2011.01.15 19:52:37 | 000,002,059 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\daemon-search.xml
[2012.07.16 20:57:03 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\MyStart Search.xml
[2012.08.26 18:05:26 | 000,002,062 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\1vgag5xr.default\searchplugins\qip-search.xml
[2011.12.30 19:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.05 03:01:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.05 03:01:03 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2012.09.14 16:22:10 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.01.15 17:43:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 17:43:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 17:43:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 17:43:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 17:43:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.20 23:31:30 | 000,002,294 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html
O1 - Hosts: 127.0.0.1 my.nero.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 22 more lines...
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [ASRockIES] File not found
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" File not found
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Tim\AppData\Roaming\QipGuard\QipGuard.exe (QIP.ru)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4:64bit: - HKLM..\RunOnceEx: [TITLE] Installiere Addons File not found
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29FA18EE-467A-44B0-B299-B058FE7FCC05}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C0209B-FB36-4409-AF32-664D2398D5F8}: DhcpNameServer = 10.129.32.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9AF4E54-C11F-4517-BDC5-C06C97BB7A6A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B58319BC-6948-41A8-811A-37260978BC53}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8DFC98F-B86F-43E0-9560-8684CA73D560}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D17D7B94-A785-41E0-BBA2-3C28385DF007}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - H:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 05:55:03 | 009,965,568 | ---- | M] () - H:\autorun.dat -- [ NTFS ]
O32 - AutoRun File - [2011.01.06 15:40:39 | 000,000,000 | ---- | M] () - H:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2011.11.16 19:40:07 | 000,000,100 | ---- | M] () - H:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010.01.20 12:02:34 | 000,000,065 | ---- | M] () - H:\autorun.unf -- [ NTFS ]
O33 - MountPoints2\{4696dfde-f0e2-11df-92b7-00252261a925}\Shell - "" = AutoRun
O33 - MountPoints2\{4696dfde-f0e2-11df-92b7-00252261a925}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{67c7dea4-20a4-11e0-8500-00252261a925}\Shell - "" = AutoRun
O33 - MountPoints2\{67c7dea4-20a4-11e0-8500-00252261a925}\Shell\AutoRun\command - "" = G:\hmh-dishonored.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.27 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Trojaner Board
[2012.10.22 18:15:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.10.22 18:09:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.10.22 16:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\gckaplcpqavuotx
[2012.10.13 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\rar31076
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.27 17:47:53 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 17:47:53 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.27 17:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.27 17:39:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.10.27 17:39:24 | 000,000,020 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.10.27 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.27 17:29:35 | 000,918,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.27 17:29:35 | 000,713,350 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.27 17:29:35 | 000,155,096 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.27 17:29:35 | 000,044,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.27 17:29:35 | 000,020,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.26 06:33:40 | 000,272,351 | ---- | M] () -- C:\Users\Tim\Desktop\20121023160202-0460cc6a.jpg
[2012.10.23 20:08:56 | 000,000,033 | ---- | M] () -- C:\ProgramData\droidcam-settings
[2012.10.23 19:41:25 | 000,000,995 | ---- | M] () -- C:\Users\Tim\Desktop\Dishonored.lnk
[2012.10.22 21:57:16 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.22 18:22:36 | 000,000,766 | ---- | M] () -- C:\Users\Tim\Documents\registry.reg
[2012.10.22 16:03:31 | 000,076,352 | ---- | M] () -- C:\ProgramData\hqstmsukmpmbngn
[2012.10.16 15:55:31 | 729,696,256 | ---- | M] () -- C:\Users\Tim\Desktop\ubuntu-10.10-netbook-i386.iso
[2012.10.12 21:11:32 | 001,377,959 | ---- | M] () -- C:\Users\Tim\Documents\Tami brief.pdf
[2012.10.04 16:33:27 | 000,391,149 | ---- | M] () -- C:\Users\Tim\Desktop\Q3.pdf
[2012.09.30 15:30:19 | 000,718,350 | ---- | M] () -- C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.27 17:39:24 | 000,000,020 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.10.26 06:33:40 | 000,272,351 | ---- | C] () -- C:\Users\Tim\Desktop\20121023160202-0460cc6a.jpg
[2012.10.23 19:41:25 | 000,000,995 | ---- | C] () -- C:\Users\Tim\Desktop\Dishonored.lnk
[2012.10.22 21:57:16 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.10.22 21:57:16 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.22 18:22:36 | 000,000,766 | ---- | C] () -- C:\Users\Tim\Documents\registry.reg
[2012.10.22 16:03:26 | 000,076,352 | ---- | C] () -- C:\ProgramData\hqstmsukmpmbngn
[2012.10.16 15:54:10 | 729,696,256 | ---- | C] () -- C:\Users\Tim\Desktop\ubuntu-10.10-netbook-i386.iso
[2012.10.12 21:09:49 | 001,377,959 | ---- | C] () -- C:\Users\Tim\Documents\Tami brief.pdf
[2012.10.04 16:33:27 | 000,391,149 | ---- | C] () -- C:\Users\Tim\Desktop\Q3.pdf
[2012.09.30 15:30:11 | 000,718,350 | ---- | C] () -- C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg
[2012.06.27 19:45:15 | 000,000,033 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.09 21:57:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.03.26 21:00:44 | 000,041,151 | ---- | C] () -- C:\Users\Tim\ESt2011_Krzyzanowski_Tim_Aaron.elfo
[2011.12.27 11:35:38 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.19 20:13:52 | 000,003,584 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 21:08:22 | 000,035,270 | ---- | C] () -- C:\Users\Tim\.TransferManager.db
[2011.11.12 16:09:00 | 000,001,231 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\Roaming - Verknüpfung.lnk
[2011.10.01 19:51:49 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.01 19:51:46 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.01 16:36:28 | 000,028,160 | ---- | C] () -- C:\Users\Tim\syslinux.exe
[2011.10.01 16:36:28 | 000,000,237 | ---- | C] () -- C:\Users\Tim\syslinux.cfg
[2011.10.01 16:36:27 | 000,237,849 | ---- | C] () -- C:\Users\Tim\grub.exe
[2011.08.04 16:07:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.21 22:16:45 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.04.21 11:21:13 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011.04.20 23:27:13 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.NANotifyHere
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.02.28 22:47:22 | 000,007,650 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2011.02.25 17:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.01.28 22:21:47 | 000,001,075 | ---- | C] () -- C:\Users\Tim\Dokumente - Verknüpfung.lnk
[2011.01.16 15:24:58 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.01.15 22:14:23 | 000,142,156 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.10 20:07:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.30 19:44:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.11.15 18:32:32 | 000,899,520 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.15 18:27:22 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2010.11.15 18:27:22 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2010.11.15 18:27:22 | 000,052,836 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010.11.15 18:27:21 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2010.11.15 18:27:21 | 000,004,172 | ---- | C] () -- C:\Windows\unins002.dat
[2010.11.15 18:26:58 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2010.11.15 18:26:58 | 000,007,953 | ---- | C] () -- C:\Windows\unins001.dat
[2010.11.15 18:26:42 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.15 18:26:42 | 000,010,275 | ---- | C] () -- C:\Windows\unins000.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.01.13 02:45:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Armagetron
[2010.12.19 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DAEMON Tools Lite
[2011.06.24 18:05:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Day 1 Studios
[2011.12.30 07:15:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DC++
[2012.10.27 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Dropbox
[2012.03.26 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\elsterformular
[2012.05.12 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Epson
[2012.06.03 02:48:33 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\FileZilla
[2012.01.19 08:12:17 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HTC
[2011.12.30 22:51:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.07 14:19:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ICQ
[2011.03.21 00:36:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Leadertech
[2011.02.01 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\NCH Swift Sound
[2011.01.24 19:09:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Nokia
[2011.01.13 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Notepad++
[2012.03.27 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Opera
[2011.11.12 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Origin
[2011.01.10 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PC Suite
[2012.08.26 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QIP
[2012.08.26 18:05:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\QipGuard
[2011.10.18 19:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Quake3
[2012.06.12 18:35:21 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Samsung
[2012.07.16 20:37:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SendSpace
[2011.01.24 18:02:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TeamViewer
[2012.06.22 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Temp
[2011.08.07 19:46:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TS3Client
[2011.02.25 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Tunngle
[2011.12.29 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Ubisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 374 bytes -> C:\Users\Tim\Desktop\2012-09-30 15.29.00.jpg:com.dropbox.attributes

< End of report >

kira 27.10.2012 22:27

Hello and welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong, it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a topic?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Help - planned procedure:
  • Finding the problem
  • Removing the problem/cleaning the system
  • Uninstalling/removing the programs used
  • Closing the topic: tips on computer security
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) (check all boxes)
  • When the scan has finished, click "Zeige Resultate" (show results)
  • All detections - if MBAM reports any in C:\System Volume Information, please remove the check mark there - select them and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you can find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
I cannot place this one; what is it?:
Code:

C:\ProgramData\hqstmsukmpmbngn
3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> If necessary, set it to "Deutsch".
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

Quote:

To keep your thread clearer and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
Regards
kira

KoksOor 03.11.2012 18:00

1.
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tim :: ANNA [Administrator]

01.11.2012 18:37:05
mbam-log-2012-11-01 (18-37-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 703502
Laufzeit: 1 Stunde(n), 47 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Tim\Desktop\Key\Key-Generator\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\SKIDROW.dll (Trojan.Downloader.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. No idea, but the file has existed since 22.10, which is also when I got the virus, so I scanned it; that turned up nothing, but I deleted it anyway.

3.
Code:

7-Zip 4.65 (x64 edition)        Igor Pavlov        15.11.2010        3,98MB        4.65.00.0
Acrobat.com        Adobe Systems Incorporated        21.01.2011                1.1.377
Adobe AIR        Adobe Systems Incorporated        23.06.2012                3.2.0.2070
Adobe Anchor Service x64 CS4                15.11.2010               
Adobe CMaps x64 CS4                15.11.2010               
Adobe Creative Suite 4 Master Collection        Adobe Systems Incorporated        21.01.2011        7,86GB        4.0
Adobe CSI CS4 x64                15.11.2010               
Adobe Drive CS4 x64                15.11.2010               
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.10.2012        6,00MB        11.4.402.287
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.10.2012        6,00MB        11.4.402.287
Adobe Fonts All x64                15.11.2010               
Adobe InDesign CS4 Icon Handler x64                15.11.2010               
Adobe Linguistics CS4 x64                15.11.2010               
Adobe Media Player        Adobe Systems Incorporated        21.01.2011                1.1
Adobe PDF Library Files x64 CS4                15.11.2010               
Adobe Photoshop CS4 (64 Bit)                15.11.2010               
Adobe Reader X (10.1.4) - Deutsch        Adobe Systems Incorporated        16.08.2012        169MB        10.1.4
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        15.11.2010                11.5.7.609
Adobe Type Support x64 CS4                15.11.2010               
Adobe WinSoft Linguistics Plugin x64                15.11.2010               
Allgemeine Runtime Files (x86)        Sereby Corporation        15.11.2010                1.0.2.0
Apple Application Support        Apple Inc.        30.07.2012        61,0MB        2.1.9
Apple Mobile Device Support        Apple Inc.        30.07.2012        24,5MB        5.2.0.6
Apple Software Update        Apple Inc.        23.03.2012        2,38MB        2.1.3.127
Ashampoo WinOptimizer 8 v.8.14        Ashampoo GmbH & Co. KG        10.02.2012        72,5MB        8.1.4
ASRock IES v2.0.91                15.11.2010        9,79MB       
ASRock InstantBoot v1.24                15.11.2010               
ASRock OC Tuner v2.4.4                15.11.2010               
Assassins Creed Revelations                24.11.2011                1.0.0
ATI Catalyst Install Manager        ATI Technologies, Inc.        15.11.2010        22,1MB        3.0.762.0
avast! Free Antivirus        AVAST Software        08.06.2011                6.0.1125.0
Benutzerhandbuch EPSON BX635FWD Series                09.05.2012               
Call of Duty: Black Ops        Treyarch        04.12.2010               
Call of Duty: Black Ops - Multiplayer        Treyarch        11.05.2011               
Call of Duty: Modern Warfare 3 - Dedicated Server        Infinity Ward - Sledgehammer Games        12.12.2011               
Call of Duty: Modern Warfare 3 - Multiplayer        Infinity Ward - Sledgehammer Games        10.11.2011               
CCleaner        Piriform        24.10.2012                3.24
Counter-Strike: Global Offensive                23.08.2012               
Counter-Strike: Source        Valve        01.01.2011               
DAEMON Tools Lite        DT Soft Ltd        15.01.2011                4.40.1.0127
DC++ 0.782        Jacek Sieka        26.12.2011                0.782
Debugging Tools for Windows (x64)        Microsoft Corporation        15.11.2010        39,8MB        6.12.2.633
Dell Driver Download Manager        Dell Inc        29.11.2011                3.0.0.0
DirectX 9.0c Extra Files (x86, x64)        Sereby Corporation        15.11.2010        209MB        1.10.02.0
DirectX for Managed Code        Sereby Corporation        15.11.2010                1.0.0.0
DiRT 3        Codemasters        25.05.2011                1.0.0000.130
DiRT2        Codemasters        09.12.2010                1.00.0000
Dishonored                23.10.2012               
DivX-Setup        DivX, LLC        05.04.2011                2.4.1.4
Download Navigator        SEIKO EPSON CORPORATION        09.05.2012        717KB        1.1.0
Dropbox        Dropbox, Inc.        29.06.2012                1.4.7
Dual-Core Optimizer        AMD        11.05.2011        86,0KB        1.1.4.0169
ElsterFormular        Landesfinanzdirektion Thüringen        26.03.2012        160MB        13.1.1.8531
EPSON BX635FWD Series Printer Uninstall        SEIKO EPSON Corporation        09.05.2012               
Epson Connect Printer Setup        SEIKO EPSON CORPORATION        09.05.2012        8,27MB        1.0.2
Epson Easy Photo Print 2        SEIKO EPSON CORPORATION        09.05.2012                2.3.0.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)        SEIKO EPSON CORPORATION2        09.05.2012                1.00.0000
Epson Event Manager        SEIKO EPSON CORPORATION        09.05.2012        40,5MB        2.50.0001
Epson FAX Utility        SEIKO EPSON CORPORATION        09.05.2012                1.20.00
Epson PC-FAX Driver                09.05.2012               
EPSON Scan        Seiko Epson Corporation        09.05.2012               
EpsonNet Print        SEIKO EPSON CORPORATION        09.05.2012                2.4j
ESN Sonar        ESN Social Software AB        10.02.2012                0.70.0
Evernote v. 4.5.7        Evernote Corp.        24.06.2012        126MB        4.5.7.7146
EXPERTool 7.10        Gainward Co., Ltd        15.11.2010        11,1MB       
FileZilla Client 3.2.7.1                09.08.2011                3.2.7.1
FlatOut2        Ihr Firmenname        23.04.2011        2,87GB        1.00.0000
Futuremark SystemInfo        Futuremark Corporation        17.03.2011                4.0.0.0
Grand Theft Auto IV        Rockstar Games        12.05.2012                1.00.0000
Grand Theft Auto: Episodes From Liberty City        Rockstar Games        28.02.2011                1.1.0.0
HTC BMP USB Driver        HTC        30.12.2011        284KB        1.0.5375
HTC Driver Installer        HTC Corporation        23.06.2012        2,16MB        3.0.0.021
HTC Sync        HTC Corporation        23.06.2012        46,9MB        3.2.20
ICQ7.2        ICQ        01.12.2010                7.2
Incredibar Toolbar  on IE                16.07.2012               
iTunes        Apple Inc.        30.07.2012        182MB        10.6.3.25
Java(TM) 6 Update 20        Sun Microsystems, Inc.        15.11.2010        97,2MB        6.0.200
Java(TM) 6 Update 20 (64-bit)        Sun Microsystems, Inc.        15.11.2010        90,5MB        6.0.200
JDownloader        AppWork UG (haftungsbeschränkt)        14.01.2011               
LightScribe System Software        LightScribe        20.04.2011        22,5MB        1.18.6.1
Logitech Gaming Software 5.08        Logitech        22.06.2011        39,2MB        5.08.146
Logitech Gaming Software 8.20        Logitech Inc.        11.05.2012        76,6MB        8.20.74
Logitech SetPoint 6.20        Logitech        20.03.2011        39,0MB        6.20.64
LOGO!Soft Comfort V7.0 (Demo)        Siemens AG        10.05.2012                7.0.0.0
Malwarebytes Anti-Malware Version 1.65.1.1000        Malwarebytes Corporation        01.11.2012        19,4MB        1.65.1.1000
Max Payne 3        Rockstar Games        25.08.2012                1.0.0.0
Microsoft .NET Framework 1.1        Microsoft        18.01.2011        34,8MB        1.1.4322
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        12.06.2012        38,8MB        4.0.30320
Microsoft .NET Framework 4 Extended        Microsoft Corporation        12.06.2012        51,9MB        4.0.30320
Microsoft Diagnostics and Recovery Toolset 6.5        Microsoft Corporation        15.11.2010        7,10MB        6.05.0000
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        15.05.2011        31,3MB        3.5.88.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        15.05.2011        6,03MB        3.5.50.0
Microsoft Office Enterprise 2007        Microsoft Corporation        25.02.2012                12.0.6612.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        26.06.2012        7,95MB        14.0.5130.5003
Microsoft Office Live Add-in 1.5        Microsoft Corporation        24.06.2012        508KB        2.0.4024.1
Microsoft Silverlight        Microsoft Corporation        18.05.2012        50,6MB        5.1.10411.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        300KB        8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        15.11.2010        620KB        8.0.61000
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        01.06.2011        790KB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        01.06.2011        598KB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        27.12.2011        910KB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        20.03.2011        251KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        15.11.2010        788KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        16.06.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        07.04.2012        1,69MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        04.04.2011        234KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        16.11.2010        240KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.11.2010        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        10.09.2011        13,7MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        10.09.2011        11,0MB        10.0.30319
Microsoft Visual J# 2.0 Redistributable Package        Microsoft Corporation        15.11.2010               
Mozilla Firefox (3.6.25)        Mozilla        15.01.2012                3.6.25 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.01.2011        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        11.01.2011        1,33MB        4.20.9876.0
MSXML 4.0 SP3 Parser        Microsoft Corporation        30.12.2011        1,47MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)        Microsoft Corporation        11.07.2012        1,53MB        4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        01.01.2012        1,53MB        4.30.2107.0
NEC Electronics USB 3.0 Host Controller Driver        NEC Electronics Corporation        15.11.2010        993KB        1.0.19.0
Nero 10 ClipartPack        Nero AG        20.04.2011        26,5MB        10.2.10000.11.0
Nero 10 Menu TemplatePack 1        Nero AG        20.04.2011        59,7MB        10.2.10000.0.0
Nero 10 Menu TemplatePack 2        Nero AG        20.04.2011        182MB        10.2.10000.0.0
Nero 10 Menu TemplatePack 3        Nero AG        20.04.2011        241MB        10.2.10100.1.0
Nero 10 Movie ThemePack 1        Nero AG        20.04.2011        51,2MB        10.2.10000.11.0
Nero 10 Movie ThemePack 2        Nero AG        20.04.2011        313MB        10.2.10100.1.0
Nero 10 Movie ThemePack 3        Nero AG        20.04.2011        167MB        10.2.10100.1.0
Nero 10 Movie ThemePack 4        Nero AG        20.04.2011        100MB        10.2.10100.1.0
Nero 10 PiP EffectPack 1        Nero AG        20.04.2011        73,9MB        10.2.10000.0.0
Nero 10 Sample ImagePack        Nero AG        20.04.2011        5,85MB        10.2.10000.11.0
Nero 10 Sample Videos        Nero AG        20.04.2011        42,0MB        10.2.10000.11.0
Nero 10 Video TransitionPack 1        Nero AG        20.04.2011        32,6MB        10.2.10000.0.0
Nero BackItUp 10        Nero AG        20.04.2011        109MB        5.6.11000.11.100
Nero Burning ROM 10        Nero AG        20.04.2011        167MB        10.2.11000.12.100
Nero BurnRights 10        Nero AG        20.04.2011        6,14MB        4.2.10300.0.102
Nero CoverDesigner 10        Nero AG        20.04.2011        77,4MB        5.2.10700.7.100
Nero DiscSpeed 10        Nero AG        20.04.2011        7,21MB        6.2.10300.1.100
Nero Express 10        Nero AG        20.04.2011        164MB        10.2.11100.12.100
Nero InfoTool 10        Nero AG        20.04.2011        8,06MB        7.2.10300.5.100
Nero MediaHub 10        Nero AG        20.04.2011        179MB        1.2.12300.27.100
Nero Multimedia Suite 10 Platinum HD        Nero AG        20.04.2011        2,61GB        10.5.10900
Nero Recode 10        Nero AG        20.04.2011        92,2MB        4.8.10400.3.100
Nero RescueAgent 10        Nero AG        20.04.2011        6,53MB        3.2.10600.7.100
Nero SoundTrax 10        Nero AG        20.04.2011        95,0MB        4.8.10200.1.100
Nero StartSmart 10        Nero AG        20.04.2011        142MB        10.2.11100.10.100
Nero Update        Nero AG        20.04.2011        1,43MB        1.0.0018
Nero Vision 10        Nero AG        20.04.2011        223MB        7.2.14700.9.100
Nero WaveEditor 10        Nero AG        20.04.2011        76,4MB        5.8.10400.2.100
Netzwerkhandbuch EPSON BX635FWD Series                09.05.2012               
Nokia Connectivity Cable Driver        Nokia        10.01.2011        3,69MB        7.1.31.0
Notepad++                13.01.2011                5.8.6
NVIDIA 3D Vision Controller-Treiber 280.19        NVIDIA Corporation        01.10.2011                280.19
NVIDIA 3D Vision Treiber 280.26        NVIDIA Corporation        01.10.2011                280.26
NVIDIA Grafiktreiber 280.26        NVIDIA Corporation        01.10.2011                280.26
NVIDIA HD-Audiotreiber 1.2.23.3        NVIDIA Corporation        01.10.2011                1.2.23.3
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        14.04.2011                9.10.0514
NVIDIA Update 1.4.28        NVIDIA Corporation        01.10.2011                1.4.28
OpenVPN 2.2.1                12.11.2011                2.2.1
Opera 12.02        Opera Software ASA        02.09.2012                12.02.1578
Origin        Electronic Arts, Inc.        12.11.2011                8.3.7.3619
PC Connectivity Solution        Nokia        10.01.2011        19,7MB        10.42.0.0
PDF24 Creator 2.9.1        PDF24.org        04.02.2011        33,8MB       
Photoshop Camera Raw_x64                15.11.2010               
PokerStars.net        PokerStars.net        10.02.2012               
Postal.3 version 1.0                02.09.2012                1.0
PunkBuster Services        Even Balance, Inc.        01.10.2011                0.991
QIP 2012 4.0.7221                26.08.2012                4.0.7221
QIP Infium 9040 Jeak-Edition        jeak.de        15.11.2010        21,2MB        2.0.9040
QIP Internet Guardian                26.08.2012        683KB       
QuickTime        Apple Inc.        28.04.2012        73,2MB        7.71.80.42
Realtek Ethernet Controller Driver For Windows 7        Realtek        15.11.2010                7.17.304.2010
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.11.2010                6.0.1.6167
ROCCAT Kone[+] Mouse Driver        Roccat GmbH        21.04.2011        13,0MB       
RocketDock 1.3.5        Punk Software        01.08.2011               
Rockstar Games Social Club        Rockstar Games        25.08.2012                1.0.9.5
Samsung Kies        Samsung Electronics Co., Ltd.        12.06.2012        209MB        2.3.2.12054_18
Samsung Mobile phone USB driver Drive Software                05.06.2011               
Samsung PC Studio 3 USB Driver Installer        Samsung Electronics Co., Ltd.        07.06.2011                3.2.0.70701
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        12.06.2012        42,9MB        1.5.5.0
Skype™ 5.10        Skype Technologies S.A.        15.08.2012        19,4MB        5.10.116
Sleeping Dogs                06.09.2012               
Steam        Valve Corporation        04.12.2010        34,3MB        1.0.0.0
Steamless Left4Dead2 Pack        Steamless        10.01.2011                1.0
Team Fortress 2        Valve        02.07.2011               
TeamSpeak 2 RC2        Dominating Bytes Design        22.04.2011                2.0.32.60
TeamSpeak 3 Client        TeamSpeak Systems GmbH        22.04.2011               
TeamViewer 6        TeamViewer GmbH        13.11.2011                6.0.11656
TeamViewer 7        TeamViewer        22.10.2012                7.0.14563
The Elder Scrolls V: Skyrim        RAF        15.04.2012                1.1.21.0
The Sims 3 Ultimate Bundle        Electronic Arts        18.08.2011                1.0
Tunngle beta        Tunngle.net GmbH        25.02.2011               
Ubisoft Game Launcher        UBISOFT        21.08.2011                1.0.0.0
UxStyle Core Beta        The Within Network, LLC        15.11.2010        38,0KB        0.2.1.1
VLC media player 2.0.0        VideoLAN        21.02.2012                2.0.0
Web Assistant 2.0.0.485        IncrediBar        14.09.2012        2,04MB        2.0.0.485
Web Optimizer                27.09.2012                2.0.0.2
Windows Live ID Sign-in Assistant        Microsoft Corporation        15.05.2011        10,0MB        6.500.3165.0
Windows Media Player Firefox Plugin        Microsoft Corp        01.02.2011        296KB        1.0.0.8
Windows XP Mode        Microsoft Corporation        15.11.2010        1,13GB        1.3.7600.16422
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        10.01.2011                08/22/2008 7.0.0.0
WinRAR                15.11.2010               
XFastUsb                08.02.2011

I hope you can help me =) thanks in advance =)

kira 03.11.2012 22:10

Installing "software that was not legally acquired" is a fairly sure way to infect a computer:
Quote:

C:\Users\Tim\Desktop\Key\Key-Generator\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Games\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

A PC contaminated by a keygen [key generator/keymaker], and any external data stored on USB sticks, external drives etc., should be formatted and set up from scratch, because through cracked or virus-infected software, one way or another, an attacker has successfully penetrated your system: -> *Technical compromise*
Because the programs and files on offer contain every conceivable kind of malware, such as backdoors, rootkits etc., which can then take control of the PC and assume the administrator role.
Because this `self-destructive behaviour` is `illegal` and violates the law, help from our side is not possible at all. For this reason we are forced to close the thread: -> I would like to point out that we do not want to aid and abet the use of keygens & cracks! :-> Forum rule: - Cracks, keygens and other illegal software
So you can save yourself a lot of trouble and unnecessary wasted time by formatting your system and also the potentially contaminated external drive, USB stick etc. and reinstalling Windows (without cracks & keygens)! But at least after a reinstall you will have a clean system again, and hopefully you have learned something from this and in future will keep your hands off...

Quote:

Purpose of the matter - viruses, trojans, worms:
A worm that could almost be called a "good worm" is moving through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm carries countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who searches
specifically for such files could therefore well come across a copy of the
worm.
