Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: System Check Virus + Gema Trojaner eingefangen...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.03.2012, 14:56   #1
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Hallo zusammen,

ich habe mir vor 2 Tagen den System Check Virus eingefangen + die Woche davor den Gema Trojaner (danach lief mein Laptop eigtl. noch ganz gut ) Naja spätestens seit "System Check" geht nichts mehr...ich habe die Malwarebytes Software gestern durchlaufen lassen und sage und schreibe 21 Viren entfernt...jetzt ist das komplette System Check Fenster weg aber leider sind meine ganzen Dateien noch "versteckt".

Ich wäre Euch sehr dankbar wenn sich jemand mir annimmt und weiter helfen kann!

beste Grüße

Jo

Ich hab jetzt nachdem ich einige Themen mit den gleichen Problemen durchgelesen habe zwei OTL Log files mit dem OTL (Old Timer Scanner) erstellt.

Welche wie folgt aussehen

[quote]
OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 21.03.2012 15:06:45 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - c:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avformat-53.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avcodec-53.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Notepad++\NppShell_01.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKCU\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:34:46 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD
[2012.03.19 23:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | -H-- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\gema
[2012.03.15 03:01:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.15 03:01:03 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 14:51:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 14:51:53 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 14:50:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 14:50:17 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 14:50:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 14:50:16 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.10 21:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 14:47:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:09:14 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 14:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 14:08:47 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 21:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 21:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 21:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 21:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | M] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:27:07 | 041,363,404 | -H-- | M] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 22:06:28 | 152,825,420 | -H-- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | -H-- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:35:15 | 003,628,016 | -H-- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | -H-- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | -H-- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.13 14:17:26 | 003,457,036 | -H-- | M] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | -H-- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | -H-- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 21:54:37 | 152,825,420 | -H-- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | -H-- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | -H-- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.13 14:17:20 | 003,457,036 | -H-- | C] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | -H-- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.20 16:00:20 | 000,000,463 | -H-- | C] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | -H-- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | -H-- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | -H-- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
 
< End of report >
         
--- --- ---

--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.03.2012 15:06:45 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54F5197C-9A19-4BCF-98A1-514C5A832D84}" = Dell Backup and Recovery Manager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D71174A-31A3-4523-8A52-8602B6099AC2}" = ITCH
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dell Webcam Central" = Dell Webcam Central
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad++" = Notepad++
"Opera 11.61.1250" = Opera 11.61
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18
"Visual Slideshow" = Visual Slideshow
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2011 07:30:17 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 15.05.2011 20:46:16 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 16.05.2011 13:16:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 17.05.2011 05:41:42 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 17.05.2011 08:44:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 17.05.2011 11:10:48 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.05.2011 12:02:31 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.05.2011 14:14:14 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 18.05.2011 11:34:10 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 18.05.2011 15:30:07 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description = 
 
[ Media Center Events ]
Error - 24.04.2011 07:46:45 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:45 - Fehler beim Herstellen der Internetverbindung.  13:46:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.04.2011 07:46:56 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:50 - Fehler beim Herstellen der Internetverbindung.  13:46:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2011 06:42:59 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:42:59 - Fehler beim Herstellen der Internetverbindung.  12:42:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2011 06:43:11 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:43:04 - Fehler beim Herstellen der Internetverbindung.  12:43:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2011 07:46:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:16 - Fehler beim Herstellen der Internetverbindung.  13:46:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2011 07:46:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:21 - Fehler beim Herstellen der Internetverbindung.  13:46:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.10.2011 07:02:03 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:03 - Fehler beim Herstellen der Internetverbindung.  13:02:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.10.2011 07:02:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:08 - Fehler beim Herstellen der Internetverbindung.  13:02:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 20.03.2012 10:51:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.03.2012 10:52:56 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.03.2012 10:52:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 20.03.2012 11:12:26 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.03.2012 13:27:57 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 20.03.2012 13:29:23 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 21.03.2012 09:09:10 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
 
< End of report >
         
--- --- ---

Alt 21.03.2012, 17:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Zitat:
..ich habe die Malwarebytes Software gestern durchlaufen lassen und sage und schreibe 21 Viren entfernt..
Du bist auch so einer der die Logs von Malwarebytes nicht postet!
Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 21.03.2012, 18:16   #3
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



hi arne,

herzlichen dank für deine antwort

Hier sind noch meine Malwarebytes Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jo :: LAPTOP [Administrator]

Schutz: Aktiviert

20.03.2012 16:44:32
mbam-log-2012-03-20 (16-44-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 304181
Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QkMNyhGuJTxqPg.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\QkMNyhGuJTxqPg.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Jo\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema. (Trojan.Ransom.ICL) -> Daten: C:\ProgramData\gema\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom.ICL) -> Daten: C:\Users\Jo\AppData\Roaming\gema\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom) -> Daten: C:\Windows\system32\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\ProgramData\QkMNyhGuJTxqPg.exe (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\bWNUBzRXeGIbSm.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\7Y1v0zdoTtZ9mU.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\E50C.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\unregmp2.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\ProgramData\gema\gema.exe (Trojan.Ransom.ICL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\gema\gema.exe (Trojan.Ransom.ICL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\gema.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Wie kann ich weiter gegen den abfuck vorgehen?

Mein laptop läuft soweit im abgesicherten Modus mit Netzbetrieb..
__________________

Alt 21.03.2012, 18:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.03.2012, 19:37   #5
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Ich konnte leider den Inet Explorer nicht als allg. Administrator ausführen.

Code:
ATTFilter
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe	a variant of Win32/1AntiVirus application
C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003	a variant of Win32/1AntiVirus application
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\766dec4c-376321fc	Java/Exploit.CVE-2011-3544.T trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6db7628d-617483b2	Java/Agent.EA trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\698f8e56-16b5e36a	Java/TrojanDownloader.OpenStream.NCO trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\e8bb03b-279364fa	multiple threats
C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll	Win32/Spy.Agent.NYS trojan
C:\Users\Jo\Downloads\gtk2119-setup.exe	a variant of Win32/1AntiVirus application
         
8 Funde sind es insgesamt


Alt 22.03.2012, 11:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> System Check Virus + Gema Trojaner eingefangen...

Alt 22.03.2012, 13:09   #7
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Code:
ATTFilter
OTL logfile created on: 22.03.2012 12:54:31 - Run 4
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 81,98% Memory free
3,93 Gb Paging File | 3,60 Gb Available in Paging File | 91,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,55 Gb Free Space | 59,83% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-8570042-888220694-3765887851-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:34:46 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD
[2012.03.19 23:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | -H-- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\gema
[2012.03.10 21:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 12:42:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 12:42:41 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.22 12:41:23 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 18:29:55 | 000,000,089 | ---- | M] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | M] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.21 14:47:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 21:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 21:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 21:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 21:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | M] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:27:07 | 041,363,404 | -H-- | M] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 22:06:28 | 152,825,420 | -H-- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | -H-- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:35:15 | 003,628,016 | -H-- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | -H-- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | -H-- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.13 14:17:26 | 003,457,036 | -H-- | M] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | -H-- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | -H-- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.21 18:29:11 | 000,000,089 | ---- | C] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | C] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 21:54:37 | 152,825,420 | -H-- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | -H-- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | -H-- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.13 14:17:20 | 003,457,036 | -H-- | C] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | -H-- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | -H-- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== LOP Check ==========
 
[2012.01.22 17:57:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.03 10:15:03 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2011.10.12 14:00:09 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.09.09 20:12:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2012.03.18 20:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2010.11.15 10:50:26 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2012.03.18 20:12:25 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.01 12:08:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.22 17:57:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.13 09:56:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Adobe
[2012.02.07 15:45:38 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Apple Computer
[2011.06.03 10:15:03 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2010.08.15 19:04:37 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Creative
[2010.05.23 13:29:37 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\CyberLink
[2012.01.16 23:05:39 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\dvdcss
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2010.05.11 08:45:15 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Identities
[2010.06.26 13:55:59 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\InstallShield
[2011.10.12 14:00:09 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.05.19 08:21:41 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Macromedia
[2012.03.20 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Media Center Programs
[2010.10.28 20:58:52 | 000,000,000 | --SD | M] -- C:\Users\Jo\AppData\Roaming\Microsoft
[2010.09.09 20:12:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2010.08.15 19:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Reallusion
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Skype
[2012.01.13 16:08:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\skypePM
[2010.06.26 14:08:17 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Sony Corporation
[2012.03.18 20:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.02.10 16:42:38 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\vlc
[2010.11.15 10:50:26 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2010.05.23 12:07:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\WinRAR
[2012.03.18 20:12:25 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010.06.26 13:57:07 | 000,010,134 | RH-- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,010,134 | RH-- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,065,536 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.19 23:00:00 | 000,037,520 | -H-- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xammp\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | -H-- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | -H-- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website

< End of report >
         

Alt 22.03.2012, 15:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Geht der normale Modus noch nicht?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.03.2012, 15:43   #9
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Leider keine Veränderung! Der Computer läuft, aber leider sind meine ganzen Dateien versteckt.

Alt 22.03.2012, 16:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



So weit sind wir ja auch noch nicht! Die Frage war ob der normale Modus wieder startet ohne GEMA!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.03.2012, 16:37   #11
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Um Deine Frage zu beantworten, das Gema Fenster ist weg! Allerdings ist es bei meinem speziellen Fall so, dass ich das Fenster umgehen konnte. Allerdings seit ich den "System Check Virus" habe, ist das Gema Fenster sowieso weg, deshalb meine Antwort: keine besonderen Veränderungen seit dem Malwarebytes scan.

Alt 23.03.2012, 20:31   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.03.2012, 22:03   #13
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Ausrufezeichen

System Check Virus + Gema Trojaner eingefangen...



Hallo cosinus

ich habe mitlerweile hier im forum ein bisschen weiter recherchiert und bin auf "unhide" gestoßen. Jetzt ist mein Laptop wieder voll hergestellt (zumindest macht es den Anschein)...

Ein drittes OTL log wie von Dir o.g. kann ich machen.

Bitte geb mir bescheid was ich als nächstes machen soll

Alt 24.03.2012, 18:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



Von "voll hergestellt" kann man nun nicht gerade reden nur weil die Dateien wieder angezeigt werden!
Mach bitte endlich das neue OTL-Log, ist ja schön, dass du in anderen Strängen hier auch rein schaust aber ich hab den Eindruck das lenkt immer zu viel ab
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.03.2012, 18:31   #15
jowizzzal
 
System Check Virus + Gema Trojaner eingefangen... - Standard

System Check Virus + Gema Trojaner eingefangen...



hi,

hier mein aktueller OTL Log...


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.03.2012 18:12:08 - Run 5
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 68,37% Memory free
3,93 Gb Paging File | 2,82 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,03 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - c:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
MOD - C:\Programme\Dell Webcam\Dell Webcam Central\FTrack.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-8570042-888220694-3765887851-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.10 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 18:11:59 | 000,000,618 | ---- | M] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.24 17:59:57 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.24 17:59:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 13:29:36 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 13:29:36 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 13:22:29 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 13:22:00 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 20:36:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.23 20:36:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.23 20:36:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.23 20:36:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.21 18:29:55 | 000,000,089 | ---- | M] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | M] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | ---- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 22:06:28 | 152,825,420 | ---- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | ---- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:37:59 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.18 13:37:57 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.18 13:35:15 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | ---- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | ---- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.08 10:34:11 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | ---- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | ---- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 03:21:31 | 000,000,618 | ---- | C] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.23 16:59:53 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.23 16:59:53 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2012.03.23 16:59:53 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.23 16:59:53 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Visual Slideshow.lnk
[2012.03.23 16:59:52 | 000,002,482 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.23 16:59:52 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.23 16:59:52 | 000,001,438 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.23 16:59:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.23 16:59:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.23 16:59:52 | 000,001,322 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.23 16:59:52 | 000,001,253 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.23 16:59:52 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.23 16:59:52 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.23 16:59:52 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.23 16:59:51 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012.03.23 16:59:51 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2012.03.23 16:59:51 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.23 16:59:51 | 000,001,785 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.03.23 16:59:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.23 16:59:51 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.23 16:59:51 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012.03.23 16:59:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.23 16:59:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.03.21 18:29:11 | 000,000,089 | ---- | C] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | C] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | ---- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:05 | 000,000,456 | ---- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 21:54:37 | 152,825,420 | ---- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | ---- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | ---- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | ---- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== LOP Check ==========
 
[2012.01.22 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.03 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2011.10.12 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.09.09 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2012.03.18 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2010.11.15 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2012.03.18 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.01 12:08:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.22 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.13 09:56:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Adobe
[2012.02.07 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Apple Computer
[2011.06.03 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2010.08.15 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Creative
[2010.05.23 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\CyberLink
[2012.01.16 23:05:39 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\dvdcss
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2010.05.11 08:45:15 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Identities
[2010.06.26 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\InstallShield
[2011.10.12 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.05.19 08:21:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Macromedia
[2012.03.20 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Media Center Programs
[2010.10.28 20:58:52 | 000,000,000 | --SD | M] -- C:\Users\Jo\AppData\Roaming\Microsoft
[2010.09.09 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2010.08.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Reallusion
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Skype
[2012.01.13 16:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\skypePM
[2010.06.26 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Sony Corporation
[2012.03.18 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.02.10 16:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\vlc
[2010.11.15 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2010.05.23 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinRAR
[2012.03.18 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010.06.26 13:57:07 | 000,010,134 | R--- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,010,134 | R--- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xammp\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | ---- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | ---- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website

< End of report >
         
--- --- ---

Antwort

Themen zu System Check Virus + Gema Trojaner eingefangen...
bacroiehelpe, ccsetup, check, dankbar, dateien, eingefangen, entfern, fenster, gefangen, gema trojaner, gestern, hallo zusammen, host.exe, install.exe, komplette, laptop, malwarebytes, mbamservice.exe, nichts, plug-in, searchscopes, security scan, sendspace.com, software, system, tagen, taskhost.exe, troja, trojaner, version=1.0, versteckt, viren, virus, virus eingefangen, woche, zusammen



Ähnliche Themen: System Check Virus + Gema Trojaner eingefangen...


  1. System Check Virus
    Log-Analyse und Auswertung - 06.04.2012 (27)
  2. System Check - Virus
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (37)
  3. "System-Check Virus" eingefangen, MAM schon durchgführt, wie gehts weiter?
    Log-Analyse und Auswertung - 27.03.2012 (34)
  4. System check Virus
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (1)
  5. System Check Virus. Nach Trojaner Entfernung immer noch geblockt!
    Plagegeister aller Art und deren Bekämpfung - 23.03.2012 (17)
  6. System Check Virus
    Log-Analyse und Auswertung - 20.03.2012 (1)
  7. GEMA Virus eingefangen
    Log-Analyse und Auswertung - 19.03.2012 (3)
  8. System Check Virus
    Log-Analyse und Auswertung - 18.03.2012 (1)
  9. Trojaner 'System check' eingefangen, Sony Vaio Systemwiederherstellung durchgeführt -> ausreichend?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (4)
  10. Gema Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (1)
  11. System-Check Virus eingefangen
    Log-Analyse und Auswertung - 15.02.2012 (6)
  12. System Check eingefangen, weiß nicht wie der zu entfernen ist.
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (10)
  13. System Check Virus eingefangen und ich komme nicht weiter
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (5)
  14. [doppelt] GEMA Virus nach XP-Security-Entfernung auf unsicherem System eingefangen.
    Mülltonne - 02.02.2012 (2)
  15. System Check Malware eingefangen, entfert, Unsicherheit ob alles entfernt wurde
    Log-Analyse und Auswertung - 25.01.2012 (2)
  16. System Check Virus
    Log-Analyse und Auswertung - 25.01.2012 (10)
  17. System Check Virus
    Log-Analyse und Auswertung - 11.01.2012 (3)

Zum Thema System Check Virus + Gema Trojaner eingefangen... - Hallo zusammen, ich habe mir vor 2 Tagen den System Check Virus eingefangen + die Woche davor den Gema Trojaner (danach lief mein Laptop eigtl. noch ganz gut ) Naja - System Check Virus + Gema Trojaner eingefangen......
Archiv
Du betrachtest: System Check Virus + Gema Trojaner eingefangen... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.