
Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Bundespolizei Trojaner Windows Vista

If you are not sure whether you have caught malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

25.09.2012, 22:48   #1
chelito
 
Bundespolizei Trojaner Windows Vista

Here is the latest log:

Code:
OTL logfile created on: 25.09.2012 23:25:54 - Run 2
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,62% Memory free
6,19 Gb Paging File | 5,92 Gb Available in Paging File | 95,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 302,90 Gb Free Space | 68,78% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (uxddrv) -- G:\uxddrv86.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (geyekrxncpvdiq) -- C:\Windows\System32\drivers\geyekrrieetjvm.sys ()
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys ()
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.26 18:37:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 21:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 21:07:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 21:08:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 21:07:59 | 000,000,000 | ---D | M]
 
[2009.07.20 12:54:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012.09.25 15:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions
[2010.07.30 15:42:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.02 01:47:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.09.18 16:29:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com
[2010.03.15 20:44:04 | 000,001,840 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml
[2012.09.23 15:12:04 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml
[2011.03.24 22:00:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml
[2011.05.05 08:41:29 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml
[2011.06.30 15:53:50 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml
[2011.08.24 18:22:55 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml
[2011.10.13 19:42:37 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml
[2011.11.09 19:06:18 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml
[2011.11.26 13:11:08 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml
[2012.01.13 19:19:06 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml
[2012.01.22 12:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml
[2010.06.26 11:44:43 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml
[2010.07.24 20:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml
[2010.09.09 14:04:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml
[2010.09.20 08:51:21 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml
[2010.10.28 15:24:07 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml
[2010.11.12 16:37:23 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml
[2010.12.12 12:30:35 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml
[2011.02.24 18:03:27 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml
[2010.03.26 14:51:05 | 000,000,955 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml
[2012.09.13 21:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.13 21:07:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.13 21:07:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.13 21:08:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.26 18:36:35 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 17:53:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\
CHR - Extension: avast! WebRep = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-18..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [Akamai NetSession Interface] C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [gwvwfwtwgvvvxey] C:\ProgramData\gwvwfwtw.exe ()
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A42317-615A-44E7-9C55-EA9E3D1644BF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2009.07.04 12:00:54 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {22F41282-BC11-573D-F187-17F2ACC8EA6D} - Java (Sun)
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {77DDA123-9D43-CAEB-9909-279A32DC54C6} - Java (Sun)
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.25 23:22:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012.09.24 13:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.23 15:43:40 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\Sarah\Desktop\ccsetup322.exe
[2012.09.23 15:42:51 | 208,773,504 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\Sarah\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.09.23 15:34:34 | 004,755,721 | ---- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012.09.23 12:45:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012.09.23 12:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 12:45:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 12:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.17 18:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\vtlwnbxqgoouocj
[2012.09.16 16:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.16 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.16 16:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.16 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.09.16 16:27:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.13 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.11 20:07:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Avira
[2012.09.11 20:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.11 20:01:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.11 20:01:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.11 20:01:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.11 20:01:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.11 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.11 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.11 12:08:51 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Desktop\Die Sims
[2012.09.11 11:09:52 | 000,000,000 | ---D | C] -- C:\UserData
[2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012.09.11 11:04:58 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012.09.11 11:04:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2012.09.11 11:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.09.11 11:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick
[2012.09.01 14:07:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Skype
[2012.09.01 14:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.01 14:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.01 14:07:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.01 14:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.25 23:22:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012.09.25 23:18:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 15:32:19 | 000,096,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.25 15:30:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 15:30:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.24 22:52:06 | 000,001,857 | ---- | M] () -- C:\Users\Sarah\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.09.24 22:52:06 | 000,001,786 | ---- | M] () -- C:\Users\Sarah\Desktop\Avira DE-Cleaner.lnk
[2012.09.24 14:00:51 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2012.09.23 17:30:55 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.23 15:43:57 | 208,773,504 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\Sarah\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.09.23 15:43:42 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Users\Sarah\Desktop\ccsetup322.exe
[2012.09.23 15:35:02 | 004,755,721 | ---- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012.09.23 15:04:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 12:45:20 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.23 12:29:53 | 000,096,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 22:15:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
[2012.09.17 21:07:05 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job
[2012.09.17 20:36:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
[2012.09.17 18:11:26 | 000,076,348 | ---- | M] () -- C:\ProgramData\abfvcizfgbxvbpr
[2012.09.17 18:11:16 | 000,082,432 | ---- | M] () -- C:\ProgramData\gwvwfwtw.exe
[2012.09.16 16:39:20 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.16 15:58:34 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
[2012.09.16 13:15:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
[2012.09.13 20:37:09 | 000,002,477 | ---- | M] () -- C:\Users\Sarah\Desktop\TubeBox! starten.lnk
[2012.09.12 14:29:28 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.12 14:29:28 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.12 14:29:28 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.12 14:29:28 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.11 16:49:10 | 002,324,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.11 12:18:33 | 000,002,681 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2012.09.11 12:18:17 | 000,002,687 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Excel 2007.lnk
[2012.09.11 12:17:45 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2012.09.11 12:15:55 | 000,000,374 | ---- | M] () -- C:\Users\Sarah\Desktop\Bilder.lnk
[2012.09.11 11:04:30 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 18:20:33 | 000,346,743 | ---- | M] () -- C:\Users\Sarah\Documents\image0005.jpg
[2012.09.03 18:17:11 | 000,358,647 | ---- | M] () -- C:\Users\Sarah\Documents\image0004.jpg
[2012.09.03 18:15:29 | 000,331,282 | ---- | M] () -- C:\Users\Sarah\Documents\image0001.jpg
 
========== Files Created - No Company Name ==========
 
[2012.09.24 22:52:06 | 000,001,857 | ---- | C] () -- C:\Users\Sarah\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.09.24 22:52:06 | 000,001,786 | ---- | C] () -- C:\Users\Sarah\Desktop\Avira DE-Cleaner.lnk
[2012.09.23 12:45:20 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.17 21:07:05 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job
[2012.09.17 20:52:03 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.09.17 18:11:24 | 000,082,432 | ---- | C] () -- C:\ProgramData\gwvwfwtw.exe
[2012.09.17 18:11:18 | 000,076,348 | ---- | C] () -- C:\ProgramData\abfvcizfgbxvbpr
[2012.09.16 16:39:20 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.11 12:18:33 | 000,002,681 | ---- | C] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2012.09.11 12:18:17 | 000,002,687 | ---- | C] () -- C:\Users\Sarah\Desktop\Microsoft Office Excel 2007.lnk
[2012.09.11 12:17:45 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2012.09.11 12:15:55 | 000,000,374 | ---- | C] () -- C:\Users\Sarah\Desktop\Bilder.lnk
[2012.09.11 11:04:15 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.03 18:20:10 | 000,346,743 | ---- | C] () -- C:\Users\Sarah\Documents\image0005.jpg
[2012.09.03 18:16:54 | 000,358,647 | ---- | C] () -- C:\Users\Sarah\Documents\image0004.jpg
[2012.09.03 17:48:02 | 000,331,282 | ---- | C] () -- C:\Users\Sarah\Documents\image0001.jpg
[2012.09.01 14:07:26 | 000,002,339 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.29 23:18:16 | 000,007,168 | -H-- | C] () -- C:\Users\Sarah\photothumb.db
[2012.07.29 20:05:19 | 000,921,654 | ---- | C] () -- C:\Users\Sarah\hd.bmp
[2012.02.01 21:59:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.03.10 05:52:28 | 000,001,356 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2009.12.24 21:38:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.07.04 11:02:06 | 000,008,192 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.02 15:15:39 | 000,096,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.02 15:15:37 | 000,096,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.12.29 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2012.01.22 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2010.07.30 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.16 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
[2012.04.06 21:47:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2011.08.01 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jens Lorek
[2011.11.04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Origin
[2012.01.22 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Panda Security
[2010.02.19 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PhotoLine
[2009.09.12 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TubeBox
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.10 08:22:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Adobe
[2012.03.01 21:22:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Apple Computer
[2012.09.11 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Avira
[2009.12.29 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DAEMON Tools Lite
[2010.04.04 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DivX
[2012.01.22 10:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2010.07.30 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.16 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Facebook
[2012.04.06 21:47:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2009.07.04 10:50:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Identities
[2010.04.10 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\InstallShield
[2011.08.01 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jens Lorek
[2009.07.04 11:02:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Macromedia
[2012.09.23 12:45:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs
[2012.09.11 17:08:00 | 000,000,000 | --SD | M] -- C:\Users\Sarah\AppData\Roaming\Microsoft
[2009.07.20 12:54:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2011.01.29 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nero
[2011.11.04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Origin
[2012.01.22 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Panda Security
[2010.02.19 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PhotoLine
[2012.05.26 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Real
[2012.05.26 18:41:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\RealNetworks
[2009.08.12 08:35:52 | 000,000,000 | RH-D | M] -- C:\Users\Sarah\AppData\Roaming\SecuROM
[2012.09.23 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Skype
[2009.09.12 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TubeBox
[2009.07.16 17:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.16 18:44:42 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Sarah\AppData\Roaming\Facebook\uninstall.exe
[2011.04.16 19:22:55 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Sarah\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.09.13 19:59:28 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{0D4F1C87-FECE-4DAC-AF46-4BC51DD4BAE0}\_6FEFF9B68218417F98F549.exe
[2011.08.01 21:21:43 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{15C82F5E-6EA9-44FE-A0FC-B6D08A684037}\_6FEFF9B68218417F98F549.exe
[2010.07.30 15:28:53 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2009.11.11 19:58:47 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{2E2F9C65-38BC-4400-A27C-D65A507587D0}\_6FEFF9B68218417F98F549.exe
[2009.09.04 21:42:12 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{3680AE1C-8DC4-42CE-9286-32FE5337C3F3}\_6FEFF9B68218417F98F549.exe
[2009.10.10 12:26:14 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{489BBD5A-7B60-4166-A3A7-6494A78E8509}\_6FEFF9B68218417F98F549.exe
[2011.02.15 23:16:23 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2011.06.11 15:26:14 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe
[2010.09.04 18:17:54 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2011.01.29 19:59:47 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2009.10.15 22:58:26 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{9DAC9A37-1280-4A87-BFA4-9AFF27C84955}\_6FEFF9B68218417F98F549.exe
[2012.03.11 13:52:34 | 000,010,134 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_7F7458BFD582C00FF78826.exe
[2012.03.11 13:52:34 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_853F67D554F05449430E7E.exe
[2012.03.11 13:52:34 | 000,355,574 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_E460DD8AE65E9AE8A7F8F8.exe
[2012.03.11 13:52:34 | 000,355,574 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_EF47F7F6FC8D853BE6A60C.exe
[2012.03.11 13:52:34 | 000,080,992 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{A78A5C61-2397-407E-A41F-0A0FFAD2572F}\_FEB897155D11C908CCA7A9.exe
[2010.03.10 19:23:16 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{D761C5D2-E727-415A-BC4E-52642CEA1A1C}\_6FEFF9B68218417F98F549.exe
[2009.08.12 08:27:38 | 000,010,134 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.07.04 13:06:40 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{EA61BCD3-FA73-4F6B-A525-8BD816E7C840}\_6FEFF9B68218417F98F549.exe
[2011.03.20 21:52:31 | 000,034,494 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2009.09.12 22:24:06 | 000,009,662 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{F7D35046-DA8A-4305-9A75-43B418600C75}\_6FEFF9B68218417F98F549.exe
[2009.12.17 17:37:52 | 000,029,344 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,590 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.04 12:40:19 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
[2009.07.04 12:40:20 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
[2012.02.24 21:21:42 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
[2012.02.24 21:21:43 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
[2012.05.17 20:21:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.17 21:07:05 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job

< End of report >
         

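An added example, not part of the thread and not OTL's own code: a short Python script that parses the "< MD5 for: ... >" blocks shown above and applies the check a helper otherwise does by eye. OTL hashes every copy it finds of a few frequently patched system binaries; the live copy under System32 should hash identically to one of the component-store copies under WinSxS or the DriverStore for the installed version. A live copy that matches none of them is the classic sign of a patched or replaced system file, which is why winlogon.exe, userinit.exe, wininit.exe and atapi.sys are on OTL's list. The sample log is constructed: the userinit and the first three winlogon lines are copied from the log above, while the last WINLOGON.EXE line is invented to show a mismatch. The winlogon.exe under the Malwarebytes Chameleon folder is expected (Chameleon ships its launcher under the names of common Windows processes so it still starts when malware blocks executables by name) and is reported only as "verify". Function names are this example's own.

```python
"""Cross-check the '< MD5 for: ... >' blocks of an OTL log.

OTL hashes a few frequently patched system binaries and lists every copy it
finds: the live file under System32, the component-store copies under WinSxS
or the DriverStore FileRepository, and any same-named file elsewhere.  A live
copy whose hash matches none of the component-store copies is the classic
sign of a patched or replaced system file; that is what this script flags.
"""
import re
from collections import defaultdict

# Constructed sample.  The USERINIT.EXE lines and the first three
# WINLOGON.EXE lines are copied from the OTL log above; the LAST
# WINLOGON.EXE line is invented for this example (all-zero MD5) to show
# what a patched live copy looks like.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2012.09.20 03:11:05 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
"""

HEADER = re.compile(r"^< MD5 for: (\S+)\s*>$")
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry dicts]} for every '< MD5 for: >' block."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = h.group(1).upper()
            continue
        e = ENTRY.match(line)
        if e and current:
            entry = e.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def location(path):
    """'store' for WinSxS/DriverStore copies, 'live' for the rest of
    %SystemRoot%, 'other' for anything outside the Windows directory."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "store"
    if "\\windows\\" in p:
        return "live"
    return "other"


def check_integrity(sections):
    """Return (filename, path, reason) tuples for copies worth a second look."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if location(e["path"]) == "store"}
        for e in entries:
            where = location(e["path"])
            if where == "live":
                # The live binary must be byte-identical to one of the
                # component-store copies OTL found for the same file.
                if store_hashes and e["md5"] not in store_hashes:
                    findings.append((name, e["path"],
                                     "live copy matches no component-store copy (possibly patched)"))
                if not e["company"]:
                    findings.append((name, e["path"], "live copy carries no company name"))
            elif where == "other":
                findings.append((name, e["path"],
                                 "same-named copy outside the Windows directory (verify the owning product)"))
    return findings


if __name__ == "__main__":
    for name, path, reason in check_integrity(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {reason}\n    {path}")
```

MD5 is adequate for correlating copies that OTL has already hashed, but it does not prove a file is genuine. When a live copy is flagged, confirm with its Authenticode signature (for example Sysinternals sigcheck) or against a known-good copy from the installation media before replacing it. To run this on a real log, feed the "< MD5 for: ... >" part of the file to parse_md5_sections.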
26.09.2012, 14:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
DRV - (uxddrv) -- G:\uxddrv86.sys File not found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.07.30 15:42:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.18 16:29:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com
[2010.03.15 20:44:04 | 000,001,840 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml
[2012.09.23 15:12:04 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml
[2011.03.24 22:00:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml
[2011.05.05 08:41:29 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml
[2011.06.30 15:53:50 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml
[2011.08.24 18:22:55 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml
[2011.10.13 19:42:37 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml
[2011.11.09 19:06:18 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml
[2011.11.26 13:11:08 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml
[2012.01.13 19:19:06 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml
[2012.01.22 12:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml
[2010.06.26 11:44:43 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml
[2010.07.24 20:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml
[2010.09.09 14:04:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml
[2010.09.20 08:51:21 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml
[2010.10.28 15:24:07 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml
[2010.11.12 16:37:23 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml
[2010.12.12 12:30:35 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml
[2011.02.24 18:03:27 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml
[2010.03.26 14:51:05 | 000,000,955 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml
[2012.09.13 21:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.13 21:07:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found.
O3 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-18..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [gwvwfwtwgvvvxey] C:\ProgramData\gwvwfwtw.exe ()
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2009.07.04 12:00:54 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs
:Files
C:\Program Files\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\plugin@yontoo.com
C:\ProgramData\*.exe
C:\ProgramData\*.pad
C:\ProgramData\*.dat
C:\ProgramData\vtlwnbxqgoouocj
C:\Users\All Users\vtlwnbxqgoouocj
C:\ProgramData\abfvcizfgbxvbpr
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

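An added example, not from the thread and not OTL's own code, that shows why the O4 and O33 lines in the fix script above stand out from an ordinary autostart list. It parses those lines and scores each entry by the indicators a helper weighs: a payload run through rundll32 or wscript, a binary living in a temp directory or directly in the ProgramData root, a target that no longer exists or has no publisher, a name with almost no vowels, and, for O33 MountPoints2 entries, an AutoRun handler bound to a mounted volume (the USB-stick worm pattern, where Shell32's ShellExec_RunDLL hands a .vbs on the drive to wscript). The weights, thresholds and function names are this example's own choices and produce a triage order, not a verdict; the Facebook Update entry scores 0 here even though it was removed along with the rest.

```python
"""Triage of OTL autostart lines (O4 Run values and O33 MountPoints2 AutoRun
handlers) by simple indicators: where the payload lives, whether a script or
DLL host launches it, whether the target still exists and has a publisher,
and whether the name looks machine-generated."""
import re

# Sample lines copied from the OTL fix script above (user SID kept verbatim,
# since OTL reports Run values per user hive).
SAMPLE_LINES = [
    r"O4 - HKU\.DEFAULT..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w File not found",
    r"O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)",
    r"O4 - HKU\S-1-5-21-494165459-3435025325-3623417751-1000..\Run: [gwvwfwtwgvvvxey] C:\ProgramData\gwvwfwtw.exe ()",
    r'O33 - MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs',
]

# OTL prints "(Publisher)" after a target that exists, "()" when the file has
# no version info, and "File not found" when the target is gone.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)"
    r"(?: \((?P<publisher>[^)]*)\))?(?P<missing> File not found)?$"
)
O33_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
FIRST_PATH = re.compile(r"[A-Za-z]:\\[^\s,]+")
SCRIPT_HOSTS = ("rundll32", "wscript", "cscript", "mshta", "regsvr32")
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
PROGRAMDATA_ROOT = re.compile(r"^[a-z]:\\programdata\\[^\\]+\.(exe|dll|scr)$")


def looks_random(name):
    """Names like 'gwvwfwtwgvvvxey' have almost no vowels; product names
    rarely fall below about 25 % vowels over eight or more letters."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.25


def score_entry(name, cmd, publisher=None, missing=False, autorun=False):
    """Weights are this example's own; publisher=None means 'unknown'."""
    reasons = []
    m = FIRST_PATH.search(cmd)
    path = m.group(0).lower() if m else ""
    basename = path.rsplit("\\", 1)[-1]
    if autorun:
        reasons.append((3, "AutoRun handler registered for a mounted volume"))
    if any(h in cmd.lower() for h in SCRIPT_HOSTS):
        reasons.append((2, "payload started through a script/DLL host"))
    if any(d in path for d in TEMP_DIRS):
        reasons.append((2, "payload lives in a temp directory"))
    if PROGRAMDATA_ROOT.match(path):
        reasons.append((2, "executable dropped directly into the ProgramData root"))
    if missing:
        reasons.append((1, "target no longer exists (dangling autostart)"))
    elif publisher == "":
        reasons.append((1, "target carries no publisher/version info"))
    if not autorun and (looks_random(name) or looks_random(basename)):
        reasons.append((2, "machine-generated looking name"))
    return {"name": name, "cmd": cmd,
            "score": sum(s for s, _ in reasons),
            "reasons": [r for _, r in reasons]}


def triage(lines):
    """Parse O4/O33 lines and return entries ordered from most to least suspicious."""
    results = []
    for line in lines:
        m = O4_LINE.match(line)
        if m:
            results.append(score_entry(m["name"], m["cmd"], m["publisher"], bool(m["missing"])))
            continue
        m = O33_LINE.match(line)
        if m:
            results.append(score_entry(m["guid"], m["cmd"], None, False, autorun=True))
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print(f"[{r['score']}] {r['name']}: {r['cmd']}")
        for reason in r["reasons"]:
            print(f"      - {reason}")
```

The ranking is only a starting point for what to look at first. Anything it flags still needs the usual checks (hash lookup, signature, what the file actually does) before it goes into a fix script, and a score of 0 does not make an entry clean; it just means none of these few indicators fired.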
26.09.2012, 15:10   #3
chelito

Here, again, the new log:

Code:
All processes killed
========== OTL ==========
Service uxddrv stopped successfully!
Service uxddrv deleted successfully!
File  G:\uxddrv86.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Folder C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com\ not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MSxmlHpr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MSxmlHpr not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
File C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe not found.
Registry value HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gwvwfwtwgvvvxey deleted successfully.
File C:\ProgramData\gwvwfwtw.exe not found.
Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
C:\Windows\Downloaded Program Files\OberonGameHost_dbg.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File D:\autoexec.bat not found.
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca509cf-2beb-11df-9de9-001f1618750a}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs not found.
========== FILES ==========
File\Folder C:\Program Files\Yontoo not found.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\plugin@yontoo.com not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.pad not found.
File\Folder C:\ProgramData\*.dat not found.
File\Folder C:\ProgramData\vtlwnbxqgoouocj not found.
File\Folder C:\Users\All Users\vtlwnbxqgoouocj not found.
File\Folder C:\ProgramData\abfvcizfgbxvbpr not found.
File\Folder C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 5816923302 bytes
->Temporary Internet Files folder emptied: 231244674 bytes
->Java cache emptied: 18708868 bytes
->FireFox cache emptied: 1064283348 bytes
->Google Chrome cache emptied: 414010977 bytes
->Apple Safari cache emptied: 522240 bytes
->Flash cache emptied: 2946192 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 356157270 bytes
RecycleBin emptied: 49721230 bytes
 
Total Files Cleaned = 7.586,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.68.0 log created on 09262012_154500

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
The PC is running in normal mode again. Many thanks.

Last edited by chelito (26.09.2012, 15:16)

26.09.2012, 16:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click "Change parameters" and set the checkboxes as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

26.09.2012, 17:21   #5
chelito

The TDSSKiller log:

Code:
18:19:03.0259 5816  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:19:03.0375 5816  ============================================================
18:19:03.0375 5816  Current date / time: 2012/09/26 18:19:03.0375
18:19:03.0375 5816  SystemInfo:
18:19:03.0375 5816  
18:19:03.0375 5816  OS Version: 6.0.6002 ServicePack: 2.0
18:19:03.0375 5816  Product type: Workstation
18:19:03.0375 5816  ComputerName: SARAH-PC
18:19:03.0375 5816  UserName: Sarah
18:19:03.0375 5816  Windows directory: C:\Windows
18:19:03.0375 5816  System windows directory: C:\Windows
18:19:03.0375 5816  Processor architecture: Intel x86
18:19:03.0375 5816  Number of processors: 2
18:19:03.0375 5816  Page size: 0x1000
18:19:03.0375 5816  Boot type: Normal boot
18:19:03.0375 5816  ============================================================
18:19:05.0828 5816  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:05.0840 5816  ============================================================
18:19:05.0841 5816  \Device\Harddisk0\DR0:
18:19:05.0841 5816  MBR partitions:
18:19:05.0841 5816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x370BE000
18:19:05.0841 5816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x370BE800, BlocksNum 0x32C6800
18:19:05.0841 5816  ============================================================
18:19:05.0875 5816  C: <-> \Device\Harddisk0\DR0\Partition1
18:19:05.0901 5816  D: <-> \Device\Harddisk0\DR0\Partition2
18:19:05.0901 5816  ============================================================
18:19:05.0901 5816  Initialize success
18:19:05.0901 5816  ============================================================
18:19:33.0893 4148  ============================================================
18:19:33.0893 4148  Scan started
18:19:33.0893 4148  Mode: Manual; SigCheck; TDLFS; 
18:19:33.0893 4148  ============================================================
18:19:34.0729 4148  ================ Scan system memory ========================
18:19:34.0729 4148  System memory - ok
18:19:34.0730 4148  ================ Scan services =============================
18:19:35.0103 4148  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:19:35.0210 4148  ACPI - ok
18:19:35.0292 4148  [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs            C:\Windows\system32\drivers\adfs.sys
18:19:35.0303 4148  adfs - ok
18:19:35.0405 4148  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:35.0417 4148  AdobeFlashPlayerUpdateSvc - ok
18:19:35.0487 4148  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:19:35.0511 4148  adp94xx - ok
18:19:35.0547 4148  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:19:35.0566 4148  adpahci - ok
18:19:35.0607 4148  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:19:35.0621 4148  adpu160m - ok
18:19:35.0638 4148  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:19:35.0653 4148  adpu320 - ok
18:19:35.0702 4148  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:19:35.0842 4148  AeLookupSvc - ok
18:19:35.0907 4148  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
18:19:35.0943 4148  AFD - ok
18:19:36.0003 4148  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:19:36.0016 4148  agp440 - ok
18:19:36.0053 4148  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:19:36.0067 4148  aic78xx - ok
18:19:36.0264 4148  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files\common files\akamai/netsession_win_5891ae0.dll
18:19:36.0264 4148  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:19:36.0275 4148  Akamai ( HiddenFile.Multi.Generic ) - warning
18:19:36.0275 4148  Akamai - detected HiddenFile.Multi.Generic (1)
18:19:36.0295 4148  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:19:36.0405 4148  ALG - ok
18:19:36.0440 4148  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:19:36.0452 4148  aliide - ok
18:19:36.0491 4148  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:19:36.0505 4148  amdagp - ok
18:19:36.0522 4148  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:19:36.0534 4148  amdide - ok
18:19:36.0552 4148  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:19:36.0588 4148  AmdK7 - ok
18:19:36.0609 4148  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:19:36.0672 4148  AmdK8 - ok
18:19:36.0775 4148  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:19:36.0787 4148  AntiVirSchedulerService - ok
18:19:36.0805 4148  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:19:36.0815 4148  AntiVirService - ok
18:19:36.0889 4148  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:19:36.0925 4148  Appinfo - ok
18:19:37.0000 4148  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:19:37.0010 4148  Apple Mobile Device - ok
18:19:37.0056 4148  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
18:19:37.0069 4148  arc - ok
18:19:37.0108 4148  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:19:37.0121 4148  arcsas - ok
18:19:37.0160 4148  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:37.0199 4148  AsyncMac - ok
18:19:37.0241 4148  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:19:37.0253 4148  atapi - ok
18:19:37.0308 4148  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:19:37.0346 4148  AudioEndpointBuilder - ok
18:19:37.0353 4148  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:19:37.0373 4148  Audiosrv - ok
18:19:37.0438 4148  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:37.0452 4148  avgntflt - ok
18:19:37.0480 4148  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:19:37.0493 4148  avipbb - ok
18:19:37.0504 4148  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:19:37.0514 4148  avkmgr - ok
18:19:37.0577 4148  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:19:37.0616 4148  Beep - ok
18:19:37.0680 4148  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
18:19:37.0767 4148  BFE - ok
18:19:37.0835 4148  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
18:19:37.0887 4148  BITS - ok
18:19:37.0945 4148  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:19:37.0977 4148  blbdrive - ok
18:19:38.0098 4148  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:19:38.0114 4148  Bonjour Service - ok
18:19:38.0143 4148  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:19:38.0200 4148  bowser - ok
18:19:38.0256 4148  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:19:38.0293 4148  BrFiltLo - ok
18:19:38.0319 4148  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:19:38.0365 4148  BrFiltUp - ok
18:19:38.0402 4148  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:19:38.0455 4148  Browser - ok
18:19:38.0508 4148  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:19:38.0646 4148  Brserid - ok
18:19:38.0686 4148  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:19:38.0744 4148  BrSerWdm - ok
18:19:38.0767 4148  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:19:38.0820 4148  BrUsbMdm - ok
18:19:38.0840 4148  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:19:38.0897 4148  BrUsbSer - ok
18:19:38.0929 4148  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:19:38.0992 4148  BTHMODEM - ok
18:19:39.0056 4148  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:19:39.0101 4148  cdfs - ok
18:19:39.0143 4148  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:19:39.0180 4148  cdrom - ok
18:19:39.0230 4148  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:19:39.0264 4148  CertPropSvc - ok
18:19:39.0292 4148  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
18:19:39.0333 4148  circlass - ok
18:19:39.0363 4148  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
18:19:39.0381 4148  CLFS - ok
18:19:39.0426 4148  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:39.0439 4148  clr_optimization_v2.0.50727_32 - ok
18:19:39.0520 4148  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:39.0532 4148  clr_optimization_v4.0.30319_32 - ok
18:19:39.0587 4148  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:39.0637 4148  CmBatt - ok
18:19:39.0678 4148  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:19:39.0690 4148  cmdide - ok
18:19:39.0709 4148  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:19:39.0721 4148  Compbatt - ok
18:19:39.0726 4148  COMSysApp - ok
18:19:39.0732 4148  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:19:39.0744 4148  crcdisk - ok
18:19:39.0771 4148  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:19:39.0820 4148  Crusoe - ok
18:19:39.0884 4148  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:19:39.0911 4148  CryptSvc - ok
18:19:39.0991 4148  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:19:40.0124 4148  DcomLaunch - ok
18:19:40.0134 4148  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:19:40.0179 4148  DfsC - ok
18:19:40.0270 4148  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
18:19:40.0530 4148  DFSR - ok
18:19:40.0603 4148  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:19:40.0641 4148  Dhcp - ok
18:19:40.0673 4148  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:19:40.0686 4148  disk - ok
18:19:40.0753 4148  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:19:40.0802 4148  Dnscache - ok
18:19:40.0834 4148  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:19:40.0854 4148  dot3svc - ok
18:19:40.0913 4148  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
18:19:40.0952 4148  DPS - ok
18:19:41.0015 4148  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:19:41.0041 4148  drmkaud - ok
18:19:41.0087 4148  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:19:41.0136 4148  DXGKrnl - ok
18:19:41.0198 4148  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:19:41.0222 4148  E1G60 - ok
18:19:41.0300 4148  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:19:41.0334 4148  EapHost - ok
18:19:41.0395 4148  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:19:41.0411 4148  Ecache - ok
18:19:41.0441 4148  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:19:41.0469 4148  ehRecvr - ok
18:19:41.0488 4148  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
18:19:41.0512 4148  ehSched - ok
18:19:41.0524 4148  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:19:41.0557 4148  ehstart - ok
18:19:41.0599 4148  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:19:41.0619 4148  elxstor - ok
18:19:41.0659 4148  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:19:41.0776 4148  EMDMgmt - ok
18:19:41.0847 4148  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:19:41.0891 4148  ErrDev - ok
18:19:41.0951 4148  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
18:19:42.0006 4148  EventSystem - ok
18:19:42.0083 4148  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
18:19:42.0136 4148  exfat - ok
18:19:42.0164 4148  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:19:42.0195 4148  fastfat - ok
18:19:42.0270 4148  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:19:42.0319 4148  fdc - ok
18:19:42.0360 4148  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:19:42.0383 4148  fdPHost - ok
18:19:42.0396 4148  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:19:42.0445 4148  FDResPub - ok
18:19:42.0463 4148  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:19:42.0476 4148  FileInfo - ok
18:19:42.0498 4148  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:19:42.0554 4148  Filetrace - ok
18:19:42.0603 4148  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:19:42.0627 4148  FLEXnet Licensing Service - ok
18:19:42.0661 4148  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:42.0697 4148  flpydisk - ok
18:19:42.0752 4148  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:19:42.0769 4148  FltMgr - ok
18:19:42.0844 4148  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
18:19:42.0951 4148  FontCache - ok
18:19:43.0016 4148  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:19:43.0026 4148  FontCache3.0.0.0 - ok
18:19:43.0078 4148  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:19:43.0110 4148  Fs_Rec - ok
18:19:43.0166 4148  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:19:43.0179 4148  gagp30kx - ok
18:19:43.0243 4148  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:19:43.0252 4148  GEARAspiWDM - ok
18:19:43.0349 4148  [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
18:19:43.0359 4148  getPlusHelper - ok
18:19:43.0434 4148  [ 6BBC45C590C7166D615670422C2D040A ] geyekrxncpvdiq  C:\Windows\system32\drivers\geyekrrieetjvm.sys
18:19:43.0436 4148  geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - infected
18:19:43.0436 4148  geyekrxncpvdiq - detected Rootkit.Win32.TDSS.tdl2 (0)
18:19:43.0489 4148  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:19:43.0528 4148  gpsvc - ok
18:19:43.0626 4148  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:19:43.0638 4148  gusvc - ok
18:19:43.0724 4148  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:19:43.0807 4148  HdAudAddService - ok
18:19:43.0845 4148  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:43.0929 4148  HDAudBus - ok
18:19:43.0973 4148  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:19:44.0036 4148  HidBth - ok
18:19:44.0060 4148  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:19:44.0114 4148  HidIr - ok
18:19:44.0141 4148  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
18:19:44.0202 4148  hidserv - ok
18:19:44.0227 4148  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:19:44.0260 4148  HidUsb - ok
18:19:44.0283 4148  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:19:44.0307 4148  hkmsvc - ok
18:19:44.0346 4148  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:19:44.0358 4148  HpCISSs - ok
18:19:44.0407 4148  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:19:44.0466 4148  HTTP - ok
18:19:44.0499 4148  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:19:44.0512 4148  i2omp - ok
18:19:44.0588 4148  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:44.0624 4148  i8042prt - ok
18:19:44.0649 4148  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:19:44.0665 4148  iaStorV - ok
18:19:44.0750 4148  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:19:44.0774 4148  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:19:44.0774 4148  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:19:44.0844 4148  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:19:44.0875 4148  idsvc - ok
18:19:44.0903 4148  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:19:44.0914 4148  iirsp - ok
18:19:44.0957 4148  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:19:44.0984 4148  IKEEXT - ok
18:19:45.0082 4148  [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:19:45.0388 4148  IntcAzAudAddService - ok
18:19:45.0460 4148  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:19:45.0472 4148  intelide - ok
18:19:45.0493 4148  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:19:45.0528 4148  intelppm - ok
18:19:45.0552 4148  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:19:45.0577 4148  IPBusEnum - ok
18:19:45.0598 4148  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:45.0637 4148  IpFilterDriver - ok
18:19:45.0672 4148  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:19:45.0730 4148  iphlpsvc - ok
18:19:45.0735 4148  IpInIp - ok
18:19:45.0770 4148  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:19:45.0807 4148  IPMIDRV - ok
18:19:45.0822 4148  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:19:45.0865 4148  IPNAT - ok
18:19:45.0908 4148  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:19:45.0933 4148  iPod Service - ok
18:19:45.0976 4148  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:19:46.0022 4148  IRENUM - ok
18:19:46.0084 4148  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:19:46.0096 4148  isapnp - ok
18:19:46.0162 4148  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:19:46.0177 4148  iScsiPrt - ok
18:19:46.0204 4148  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:19:46.0215 4148  iteatapi - ok
18:19:46.0228 4148  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:19:46.0239 4148  iteraid - ok
18:19:46.0263 4148  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:46.0275 4148  kbdclass - ok
18:19:46.0297 4148  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:19:46.0339 4148  kbdhid - ok
18:19:46.0378 4148  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
18:19:46.0427 4148  KeyIso - ok
18:19:46.0458 4148  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:19:46.0480 4148  KSecDD - ok
18:19:46.0536 4148  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:19:46.0592 4148  KtmRm - ok
18:19:46.0634 4148  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:19:46.0693 4148  LanmanServer - ok
18:19:46.0763 4148  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:19:46.0822 4148  LanmanWorkstation - ok
18:19:46.0854 4148  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:19:46.0894 4148  lltdio - ok
18:19:46.0940 4148  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:19:46.0986 4148  lltdsvc - ok
18:19:47.0003 4148  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:19:47.0069 4148  lmhosts - ok
18:19:47.0099 4148  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:19:47.0112 4148  LSI_FC - ok
18:19:47.0127 4148  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:19:47.0140 4148  LSI_SAS - ok
18:19:47.0176 4148  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:19:47.0190 4148  LSI_SCSI - ok
18:19:47.0219 4148  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:19:47.0243 4148  luafv - ok
18:19:47.0343 4148  [ D1A79F9CF0A0960DF4DAB08BEF847F43 ] massfilter      C:\Windows\system32\drivers\massfilter.sys
18:19:47.0373 4148  massfilter - ok
18:19:47.0401 4148  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:19:47.0436 4148  Mcx2Svc - ok
18:19:47.0492 4148  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:19:47.0505 4148  megasas - ok
18:19:47.0541 4148  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
18:19:47.0564 4148  MegaSR - ok
18:19:47.0590 4148  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:19:47.0633 4148  MMCSS - ok
18:19:47.0671 4148  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:19:47.0720 4148  Modem - ok
18:19:47.0774 4148  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:19:47.0814 4148  monitor - ok
18:19:47.0845 4148  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:19:47.0857 4148  mouclass - ok
18:19:47.0884 4148  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:19:47.0926 4148  mouhid - ok
18:19:47.0955 4148  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:19:47.0967 4148  MountMgr - ok
18:19:48.0004 4148  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:19:48.0015 4148  MozillaMaintenance - ok
18:19:48.0053 4148  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:19:48.0068 4148  mpio - ok
18:19:48.0094 4148  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:19:48.0136 4148  mpsdrv - ok
18:19:48.0180 4148  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:19:48.0233 4148  MpsSvc - ok
18:19:48.0253 4148  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:19:48.0264 4148  Mraid35x - ok
18:19:48.0294 4148  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:19:48.0326 4148  MRxDAV - ok
18:19:48.0358 4148  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:48.0410 4148  mrxsmb - ok
18:19:48.0430 4148  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:48.0469 4148  mrxsmb10 - ok
18:19:48.0501 4148  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:48.0515 4148  mrxsmb20 - ok
18:19:48.0538 4148  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:19:48.0550 4148  msahci - ok
18:19:48.0593 4148  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:19:48.0606 4148  msdsm - ok
18:19:48.0627 4148  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:19:48.0652 4148  MSDTC - ok
18:19:48.0662 4148  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:19:48.0698 4148  Msfs - ok
18:19:48.0736 4148  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:19:48.0748 4148  msisadrv - ok
18:19:48.0781 4148  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:19:48.0825 4148  MSiSCSI - ok
18:19:48.0829 4148  msiserver - ok
18:19:48.0893 4148  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:19:48.0935 4148  MSKSSRV - ok
18:19:48.0954 4148  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:48.0990 4148  MSPCLOCK - ok
18:19:49.0007 4148  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:19:49.0031 4148  MSPQM - ok
18:19:49.0060 4148  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:19:49.0076 4148  MsRPC - ok
18:19:49.0086 4148  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:49.0098 4148  mssmbios - ok
18:19:49.0160 4148  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:19:49.0204 4148  MSTEE - ok
18:19:49.0226 4148  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:19:49.0239 4148  Mup - ok
18:19:49.0266 4148  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
18:19:49.0289 4148  napagent - ok
18:19:49.0344 4148  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:19:49.0360 4148  NativeWifiP - ok
18:19:49.0430 4148  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:19:49.0454 4148  NDIS - ok
18:19:49.0475 4148  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:49.0517 4148  NdisTapi - ok
18:19:49.0542 4148  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:49.0582 4148  Ndisuio - ok
18:19:49.0611 4148  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:49.0656 4148  NdisWan - ok
18:19:49.0680 4148  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:19:49.0716 4148  NDProxy - ok
18:19:49.0813 4148  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:19:49.0840 4148  Nero BackItUp Scheduler 3 - ok
18:19:49.0873 4148  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:19:49.0921 4148  NetBIOS - ok
18:19:49.0960 4148  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:19:49.0988 4148  netbt - ok
18:19:50.0011 4148  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:19:50.0024 4148  Netlogon - ok
18:19:50.0050 4148  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
18:19:50.0097 4148  Netman - ok
18:19:50.0133 4148  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
18:19:50.0178 4148  netprofm - ok
18:19:50.0222 4148  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:50.0233 4148  NetTcpPortSharing - ok
18:19:50.0408 4148  [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
18:19:50.0694 4148  NETw5v32 - ok
18:19:50.0763 4148  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:19:50.0775 4148  nfrd960 - ok
18:19:50.0820 4148  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:19:50.0866 4148  NlaSvc - ok
18:19:50.0968 4148  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:19:50.0989 4148  NMIndexingService - ok
18:19:51.0029 4148  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:19:51.0049 4148  Npfs - ok
18:19:51.0070 4148  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:19:51.0095 4148  nsi - ok
18:19:51.0109 4148  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:19:51.0150 4148  nsiproxy - ok
18:19:51.0205 4148  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:19:51.0289 4148  Ntfs - ok
18:19:51.0331 4148  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:19:51.0389 4148  ntrigdigi - ok
18:19:51.0410 4148  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:19:51.0439 4148  Null - ok
18:19:51.0455 4148  [ 590CAA306F9E7C303905B738EBDFE2E2 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
18:19:51.0465 4148  NVHDA - ok
18:19:51.0655 4148  [ 6838F505C0CC881F0C78D333DFDE181B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:19:51.0984 4148  nvlddmkm - ok
18:19:52.0037 4148  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:19:52.0051 4148  nvraid - ok
18:19:52.0074 4148  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:19:52.0087 4148  nvstor - ok
18:19:52.0113 4148  [ 0E2619B8E1BD3C432BCCBB2504087598 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:19:52.0126 4148  nvsvc - ok
18:19:52.0147 4148  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:19:52.0161 4148  nv_agp - ok
18:19:52.0165 4148  NwlnkFlt - ok
18:19:52.0171 4148  NwlnkFwd - ok
18:19:52.0272 4148  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:19:52.0293 4148  odserv - ok
18:19:52.0346 4148  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:19:52.0387 4148  ohci1394 - ok
18:19:52.0461 4148  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:52.0473 4148  ose - ok
18:19:52.0521 4148  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:19:52.0584 4148  p2pimsvc - ok
18:19:52.0594 4148  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:19:52.0682 4148  p2psvc - ok
18:19:52.0720 4148  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:19:52.0761 4148  Parport - ok
18:19:52.0803 4148  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:19:52.0817 4148  partmgr - ok
18:19:52.0843 4148  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:19:52.0912 4148  Parvdm - ok
18:19:52.0951 4148  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:19:52.0976 4148  PcaSvc - ok
18:19:53.0005 4148  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
18:19:53.0023 4148  pci - ok
18:19:53.0047 4148  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
18:19:53.0060 4148  pciide - ok
18:19:53.0092 4148  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:19:53.0106 4148  pcmcia - ok
18:19:53.0157 4148  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:19:53.0225 4148  PEAUTH - ok
18:19:53.0455 4148  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
18:19:53.0564 4148  pla - ok
18:19:53.0629 4148  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
18:19:53.0649 4148  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:19:53.0649 4148  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:19:53.0678 4148  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:19:53.0724 4148  PlugPlay - ok
18:19:53.0821 4148  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:19:53.0885 4148  PNRPAutoReg - ok
18:19:53.0897 4148  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:19:53.0982 4148  PNRPsvc - ok
18:19:54.0112 4148  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:19:54.0178 4148  PolicyAgent - ok
18:19:54.0234 4148  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:19:54.0289 4148  PptpMiniport - ok
18:19:54.0312 4148  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
18:19:54.0354 4148  Processor - ok
18:19:54.0380 4148  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:19:54.0436 4148  ProfSvc - ok
18:19:54.0456 4148  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:19:54.0469 4148  ProtectedStorage - ok
18:19:54.0534 4148  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
18:19:54.0546 4148  ProtexisLicensing - ok
18:19:54.0607 4148  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:19:54.0701 4148  PSched - ok
18:19:55.0043 4148  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:19:55.0135 4148  ql2300 - ok
18:19:55.0145 4148  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:19:55.0181 4148  ql40xx - ok
18:19:55.0340 4148  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
18:19:55.0356 4148  QWAVE - ok
18:19:55.0373 4148  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:19:55.0386 4148  QWAVEdrv - ok
18:19:55.0632 4148  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:19:55.0701 4148  RapiMgr - ok
18:19:55.0707 4148  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:19:55.0730 4148  RasAcd - ok
18:19:55.0760 4148  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:19:55.0807 4148  RasAuto - ok
18:19:55.0831 4148  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:55.0868 4148  Rasl2tp - ok
18:19:55.0929 4148  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
18:19:55.0970 4148  RasMan - ok
18:19:56.0009 4148  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:56.0047 4148  RasPppoe - ok
18:19:56.0082 4148  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:19:56.0094 4148  RasSstp - ok
18:19:56.0158 4148  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:19:56.0208 4148  rdbss - ok
18:19:56.0246 4148  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:56.0294 4148  RDPCDD - ok
18:19:56.0337 4148  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:19:56.0366 4148  rdpdr - ok
18:19:56.0371 4148  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:19:56.0411 4148  RDPENCDD - ok
18:19:56.0503 4148  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:19:56.0562 4148  RDPWD - ok
18:19:56.0628 4148  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:19:56.0652 4148  RemoteAccess - ok
18:19:56.0703 4148  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:19:56.0723 4148  RemoteRegistry - ok
18:19:56.0758 4148  [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
18:19:56.0773 4148  resetWinService ( UnsignedFile.Multi.Generic ) - warning
18:19:56.0773 4148  resetWinService - detected UnsignedFile.Multi.Generic (1)
18:19:56.0858 4148  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
18:19:56.0870 4148  RichVideo - ok
18:19:56.0901 4148  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:19:56.0960 4148  RpcLocator - ok
18:19:56.0980 4148  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
18:19:57.0007 4148  RpcSs - ok
18:19:57.0045 4148  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:19:57.0084 4148  rspndr - ok
18:19:57.0105 4148  [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
18:19:57.0136 4148  RTL8169 - ok
18:19:57.0156 4148  [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
18:19:57.0192 4148  RTSTOR - ok
18:19:57.0212 4148  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
18:19:57.0224 4148  SamSs - ok
18:19:57.0253 4148  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:19:57.0265 4148  sbp2port - ok
18:19:57.0302 4148  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:19:57.0322 4148  SCardSvr - ok
18:19:57.0361 4148  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
18:19:57.0480 4148  Schedule - ok
18:19:57.0498 4148  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:19:57.0516 4148  SCPolicySvc - ok
18:19:57.0576 4148  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:19:57.0620 4148  SDRSVC - ok
18:19:57.0647 4148  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:19:57.0710 4148  secdrv - ok
18:19:57.0738 4148  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:19:57.0763 4148  seclogon - ok
18:19:57.0782 4148  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:19:57.0827 4148  SENS - ok
18:19:57.0852 4148  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:19:57.0904 4148  Serenum - ok
18:19:57.0919 4148  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
18:19:57.0962 4148  Serial - ok
18:19:57.0993 4148  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:19:58.0016 4148  sermouse - ok
18:19:58.0045 4148  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:19:58.0070 4148  SessionEnv - ok
18:19:58.0085 4148  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:19:58.0104 4148  sffdisk - ok
18:19:58.0131 4148  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:19:58.0171 4148  sffp_mmc - ok
18:19:58.0189 4148  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:19:58.0213 4148  sffp_sd - ok
18:19:58.0235 4148  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:19:58.0301 4148  sfloppy - ok
18:19:58.0342 4148  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:19:58.0387 4148  SharedAccess - ok
18:19:58.0422 4148  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:19:58.0488 4148  ShellHWDetection - ok
18:19:58.0517 4148  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:19:58.0530 4148  sisagp - ok
18:19:58.0544 4148  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:19:58.0557 4148  SiSRaid2 - ok
18:19:58.0567 4148  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:19:58.0580 4148  SiSRaid4 - ok
18:19:58.0687 4148  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:19:58.0877 4148  Skype C2C Service - ok
18:19:58.0907 4148  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:19:58.0917 4148  SkypeUpdate - ok
18:19:59.0008 4148  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
18:19:59.0188 4148  slsvc - ok
18:19:59.0252 4148  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:19:59.0299 4148  SLUINotify - ok
18:19:59.0342 4148  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:19:59.0381 4148  Smb - ok
18:19:59.0422 4148  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:19:59.0435 4148  SNMPTRAP - ok
18:19:59.0721 4148  [ 8C5AF605A85C5214D40542D933DA737C ] SNP2STD         C:\Windows\system32\DRIVERS\snp2sxp.sys
18:20:00.0404 4148  SNP2STD - ok
18:20:00.0523 4148  [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
18:20:00.0638 4148  SNP2UVC - ok
18:20:00.0708 4148  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:20:00.0748 4148  spldr - ok
18:20:00.0838 4148  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
18:20:00.0941 4148  Spooler - ok
18:20:01.0105 4148  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:20:01.0105 4148  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:20:01.0107 4148  sptd ( LockedFile.Multi.Generic ) - warning
18:20:01.0107 4148  sptd - detected LockedFile.Multi.Generic (1)
18:20:01.0125 4148  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:20:01.0165 4148  srv - ok
18:20:01.0205 4148  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:20:01.0252 4148  srv2 - ok
18:20:01.0277 4148  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:20:01.0312 4148  srvnet - ok
18:20:01.0350 4148  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:20:01.0387 4148  SSDPSRV - ok
18:20:01.0416 4148  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:20:01.0425 4148  ssmdrv - ok
18:20:01.0440 4148  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:20:01.0478 4148  SstpSvc - ok
18:20:01.0524 4148  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
18:20:01.0527 4148  StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:20:01.0527 4148  StarOpen - detected UnsignedFile.Multi.Generic (1)
18:20:01.0592 4148  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
18:20:01.0645 4148  stisvc - ok
18:20:01.0677 4148  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:20:01.0689 4148  swenum - ok
18:20:01.0738 4148  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
18:20:01.0762 4148  swprv - ok
18:20:01.0784 4148  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:20:01.0796 4148  Symc8xx - ok
18:20:01.0807 4148  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:20:01.0818 4148  Sym_hi - ok
18:20:01.0840 4148  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:20:01.0851 4148  Sym_u3 - ok
18:20:01.0910 4148  [ A7CEC70DD3D85AC711897E02358E9793 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:20:01.0924 4148  SynTP - ok
18:20:01.0952 4148  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
18:20:02.0006 4148  SysMain - ok
18:20:02.0059 4148  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:20:02.0087 4148  TabletInputService - ok
18:20:02.0136 4148  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:20:02.0187 4148  TapiSrv - ok
18:20:02.0209 4148  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:20:02.0233 4148  TBS - ok
18:20:02.0272 4148  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:20:02.0355 4148  Tcpip - ok
18:20:02.0371 4148  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:20:02.0401 4148  Tcpip6 - ok
18:20:02.0445 4148  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:20:02.0465 4148  tcpipreg - ok
18:20:02.0494 4148  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:20:02.0537 4148  TDPIPE - ok
18:20:02.0557 4148  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:20:02.0604 4148  TDTCP - ok
18:20:02.0642 4148  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:20:02.0681 4148  tdx - ok
18:20:02.0719 4148  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:20:02.0732 4148  TermDD - ok
18:20:02.0765 4148  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
18:20:02.0793 4148  TermService - ok
18:20:02.0811 4148  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
18:20:02.0827 4148  Themes - ok
18:20:02.0835 4148  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:20:02.0859 4148  THREADORDER - ok
18:20:02.0888 4148  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:20:02.0920 4148  TrkWks - ok
18:20:02.0970 4148  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:20:02.0988 4148  TrustedInstaller - ok
18:20:03.0022 4148  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:03.0065 4148  tssecsrv - ok
18:20:03.0093 4148  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:20:03.0114 4148  tunmp - ok
18:20:03.0178 4148  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:20:03.0208 4148  tunnel - ok
18:20:03.0233 4148  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:20:03.0246 4148  uagp35 - ok
18:20:03.0278 4148  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:20:03.0323 4148  udfs - ok
18:20:03.0386 4148  [ 1BBF135FA5D385858DEC0F484D5934A5 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
18:20:03.0399 4148  UI Assistant Service - ok
18:20:03.0429 4148  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:20:03.0477 4148  UI0Detect - ok
18:20:03.0517 4148  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:20:03.0530 4148  uliagpkx - ok
18:20:03.0545 4148  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:20:03.0562 4148  uliahci - ok
18:20:03.0578 4148  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:20:03.0591 4148  UlSata - ok
18:20:03.0614 4148  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:20:03.0627 4148  ulsata2 - ok
18:20:03.0652 4148  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:20:03.0676 4148  umbus - ok
18:20:03.0705 4148  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
18:20:03.0735 4148  upnphost - ok
18:20:03.0799 4148  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:20:03.0829 4148  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:20:03.0829 4148  USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:20:03.0862 4148  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:03.0881 4148  usbccgp - ok
18:20:03.0900 4148  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:20:03.0967 4148  usbcir - ok
18:20:04.0005 4148  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:20:04.0031 4148  usbehci - ok
18:20:04.0070 4148  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:20:04.0099 4148  usbhub - ok
18:20:04.0111 4148  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:20:04.0151 4148  usbohci - ok
18:20:04.0175 4148  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:20:04.0198 4148  usbprint - ok
18:20:04.0212 4148  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:04.0257 4148  USBSTOR - ok
18:20:04.0295 4148  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:20:04.0332 4148  usbuhci - ok
18:20:04.0397 4148  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:20:04.0423 4148  usbvideo - ok
18:20:04.0449 4148  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:20:04.0470 4148  UxSms - ok
18:20:04.0503 4148  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
18:20:04.0557 4148  vds - ok
18:20:04.0590 4148  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:04.0625 4148  vga - ok
18:20:04.0634 4148  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:20:04.0658 4148  VgaSave - ok
18:20:04.0678 4148  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:20:04.0691 4148  viaagp - ok
18:20:04.0706 4148  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:20:04.0730 4148  ViaC7 - ok
18:20:04.0747 4148  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:20:04.0760 4148  viaide - ok
18:20:04.0780 4148  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:20:04.0793 4148  volmgr - ok
18:20:04.0828 4148  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:20:04.0847 4148  volmgrx - ok
18:20:04.0882 4148  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:20:04.0900 4148  volsnap - ok
18:20:04.0926 4148  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:20:04.0940 4148  vsmraid - ok
18:20:04.0974 4148  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
18:20:05.0040 4148  VSS - ok
18:20:05.0086 4148  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
18:20:05.0110 4148  W32Time - ok
18:20:05.0126 4148  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:20:05.0187 4148  WacomPen - ok
18:20:05.0210 4148  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:20:05.0239 4148  Wanarp - ok
18:20:05.0243 4148  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:20:05.0263 4148  Wanarpv6 - ok
18:20:05.0290 4148  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:20:05.0353 4148  WcesComm - ok
18:20:05.0396 4148  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:20:05.0419 4148  wcncsvc - ok
18:20:05.0459 4148  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:20:05.0507 4148  WcsPlugInService - ok
18:20:05.0537 4148  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
18:20:05.0549 4148  Wd - ok
18:20:05.0576 4148  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:20:05.0600 4148  Wdf01000 - ok
18:20:05.0610 4148  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:20:05.0660 4148  WdiServiceHost - ok
18:20:05.0664 4148  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:20:05.0690 4148  WdiSystemHost - ok
18:20:05.0709 4148  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
18:20:05.0749 4148  WebClient - ok
18:20:05.0781 4148  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:20:05.0806 4148  Wecsvc - ok
18:20:05.0816 4148  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:20:05.0836 4148  wercplsupport - ok
18:20:05.0871 4148  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:20:05.0897 4148  WerSvc - ok
18:20:05.0942 4148  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:20:05.0957 4148  WinDefend - ok
18:20:05.0963 4148  WinHttpAutoProxySvc - ok
18:20:06.0015 4148  WINIO - ok
18:20:06.0069 4148  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:20:06.0089 4148  Winmgmt - ok
18:20:06.0272 4148  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:20:06.0491 4148  WinRM - ok
18:20:06.0568 4148  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
18:20:06.0587 4148  winusb - ok
18:20:06.0629 4148  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:20:06.0735 4148  Wlansvc - ok
18:20:06.0829 4148  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:20:07.0008 4148  wlidsvc - ok
18:20:07.0057 4148  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:20:07.0097 4148  WmiAcpi - ok
18:20:07.0137 4148  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:20:07.0170 4148  wmiApSrv - ok
18:20:07.0240 4148  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:20:07.0323 4148  WMPNetworkSvc - ok
18:20:07.0374 4148  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:20:07.0427 4148  WPCSvc - ok
18:20:07.0493 4148  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:20:07.0515 4148  WPDBusEnum - ok
18:20:07.0543 4148  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:20:07.0580 4148  WpdUsb - ok
18:20:07.0702 4148  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:07.0728 4148  WPFFontCache_v0400 - ok
18:20:07.0762 4148  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:20:07.0792 4148  ws2ifsl - ok
18:20:07.0822 4148  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:20:07.0862 4148  wscsvc - ok
18:20:07.0866 4148  WSearch - ok
18:20:07.0942 4148  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:20:08.0210 4148  wuauserv - ok
18:20:08.0270 4148  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:08.0294 4148  WUDFRd - ok
18:20:08.0324 4148  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:20:08.0358 4148  wudfsvc - ok
18:20:08.0427 4148  [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:20:08.0478 4148  ZTEusbmdm6k - ok
18:20:08.0493 4148  [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:20:08.0506 4148  ZTEusbnmea - ok
18:20:08.0522 4148  [ 32396B4D2BF707D81C20E5E9022A2055 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:20:08.0534 4148  ZTEusbser6k - ok
18:20:08.0539 4148  ================ Scan global ===============================
18:20:08.0562 4148  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:20:08.0592 4148  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:08.0603 4148  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:08.0634 4148  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:20:08.0638 4148  [Global] - ok
18:20:08.0638 4148  ================ Scan MBR ==================================
18:20:08.0655 4148  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:20:09.0066 4148  \Device\Harddisk0\DR0 - ok
18:20:09.0066 4148  ================ Scan VBR ==================================
18:20:09.0069 4148  [ 13E8234390A200E399F4F5AB8CC0F413 ] \Device\Harddisk0\DR0\Partition1
18:20:09.0071 4148  \Device\Harddisk0\DR0\Partition1 - ok
18:20:09.0105 4148  [ 62062CEECDE3D67CE29D79C3EE23A1B7 ] \Device\Harddisk0\DR0\Partition2
18:20:09.0106 4148  \Device\Harddisk0\DR0\Partition2 - ok
18:20:09.0106 4148  ============================================================
18:20:09.0106 4148  Scan finished
18:20:09.0106 4148  ============================================================
18:20:09.0123 4188  Detected object count: 8
18:20:09.0123 4188  Actual detected object count: 8
18:20:21.0327 4188  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:20:21.0328 4188  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
18:20:21.0330 4188  geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
18:20:21.0330 4188  geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip 
18:20:21.0332 4188  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0332 4188  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0333 4188  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0333 4188  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0335 4188  resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0335 4188  resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0337 4188  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:20:21.0337 4188  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0339 4188  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0339 4188  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0341 4188  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:20:21.0341 4188  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


27.09.2012, 11:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
         
Please fix this entry with TDSS-Killer. But only this entry, please!

To do that, restart TDSS-Killer and run a new scan. When the results are shown afterwards, set this entry to CURE or DELETE (whichever is offered; leave all the others on SKIP!) and then click Continue at the bottom right.

Then restart Windows and make a completely new log with TDSS-Killer again. As always, post it in CODE tags.
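Triage of a TDSSKiller result list like the one above, as an added example that is neither TDSSKiller's own code nor anything the helper posted: a small Python parser pairs each flagged object with its inventory line (MD5 and path), cross-checks the parsed set against the tool's own "Actual detected object count", and separates the single rootkit verdict (the entry to set to CURE/DELETE) from the generic unsigned/locked/hidden-file warnings that stay on SKIP. The sample lines are copied from the log posted in this thread; the rule "generic heuristic verdict = SKIP, anything else = CURE/DELETE" is this example's own assumption, not a TDSSKiller feature.

```python
"""Triage a Kaspersky TDSSKiller log: added example for this thread, not
TDSSKiller's own code and not posted by the helper."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Inventory line: "<time> <pid>  [ <MD5> ] <ServiceName> <path>"
INVENTORY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# Verdict line: "<time> <pid>  <ServiceName> ( <Verdict> ) - <status>"
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - "
    r"(?P<status>.+?)\s*$"
)
COUNT_RE = re.compile(r"Actual detected object count: (?P<n>\d+)")

# These verdicts describe a property of the file (no signature, locked, hidden),
# not malware; in this thread they hit ordinary drivers, so they stay on SKIP.
# Treating every other verdict as actionable is this example's assumption.
GENERIC_VERDICTS = {
    "UnsignedFile.Multi.Generic",
    "LockedFile.Multi.Generic",
    "HiddenFile.Multi.Generic",
}


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    user_action: Optional[str] = None  # what the user chose in the last run

    @property
    def recommended(self) -> str:
        return "SKIP" if self.verdict in GENERIC_VERDICTS else "CURE/DELETE"


def parse_log(text: str) -> List[Finding]:
    """One Finding per flagged object, joined with its inventory line if present."""
    inventory: Dict[str, dict] = {}
    findings: Dict[str, Finding] = {}
    for line in text.splitlines():
        m = INVENTORY_RE.match(line)
        if m:
            inventory[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        f = findings.setdefault(m["name"], Finding(m["name"], m["verdict"]))
        info = inventory.get(m["name"])
        if info:
            f.md5, f.path = info["md5"], info["path"]
        if m["status"].startswith("User select action:"):
            f.user_action = m["status"].split(":", 1)[1].strip()
    return sorted(findings.values(), key=lambda f: f.name.lower())


def count_matches(text: str, findings: List[Finding]) -> bool:
    """Cross-check the parsed set against TDSSKiller's own tally line."""
    m = COUNT_RE.search(text)
    return m is not None and int(m["n"]) == len(findings)


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group object names by the action to set in the TDSSKiller result list."""
    plan: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        plan[f.recommended].append(f.name)
    return dict(plan)


# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = """\
18:19:56.0758 4148  [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\\Program Files\\Realtek Semiconductor Corp\\Realtek USB 2.0 Card Reader\\reset.exe
18:19:56.0773 4148  resetWinService ( UnsignedFile.Multi.Generic ) - warning
18:20:01.0105 4148  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\\Windows\\system32\\Drivers\\sptd.sys
18:20:01.0107 4148  sptd ( LockedFile.Multi.Generic ) - warning
18:20:01.0524 4148  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\\Windows\\system32\\drivers\\StarOpen.sys
18:20:01.0527 4148  StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:20:09.0123 4188  Actual detected object count: 8
18:20:21.0327 4188  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:20:21.0328 4188  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
18:20:21.0330 4188  geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - skipped by user
18:20:21.0330 4188  geyekrxncpvdiq ( Rootkit.Win32.TDSS.tdl2 ) - User select action: Skip 
18:20:21.0332 4188  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0333 4188  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0335 4188  resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0337 4188  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0339 4188  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:20:21.0341 4188  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
```

Running `triage(parse_log(SAMPLE_LOG))` yields one object under CURE/DELETE (geyekrxncpvdiq) and the seven heuristic hits under SKIP, matching the helper's instruction to fix only that entry.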

27.09.2012, 16:19   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the board's helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

28.09.2012, 13:16   #8
chelito

Here is the ComboFix log:

Code:
ATTFilter
ComboFix 12-09-27.03 - Sarah 28.09.2012  13:50:45.1.2 - x86
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\4.0
c:\windows\system32\WinIo.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WINIO
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-28 bis 2012-09-28  ))))))))))))))))))))))))))))))
.
.
2012-09-28 11:59 . 2012-09-28 12:03	--------	d-----w-	c:\users\Sarah\AppData\Local\temp
2012-09-27 11:04 . 2012-09-27 11:04	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-26 13:35 . 2012-09-26 13:35	--------	d-----w-	C:\_OTL
2012-09-24 11:56 . 2012-09-24 11:56	--------	d-----w-	c:\program files\ESET
2012-09-23 10:45 . 2012-09-23 10:45	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-09-23 10:45 . 2012-09-23 10:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-23 10:45 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-16 14:38 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 14:35 . 2012-09-16 14:35	--------	d-----w-	c:\program files\iPod
2012-09-16 14:28 . 2012-09-16 14:28	--------	d-----w-	c:\program files\Bonjour
2012-09-11 18:07 . 2012-09-11 18:07	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Avira
2012-09-11 18:01 . 2012-09-07 18:26	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-11 18:01 . 2012-09-07 18:26	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-11 18:01 . 2012-09-07 18:26	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-11 18:01 . 2012-09-11 18:01	--------	d-----w-	c:\program files\Avira
2012-09-11 09:09 . 2012-09-11 09:09	--------	d-----w-	C:\UserData
2012-09-11 09:04 . 2011-03-26 08:37	9216	----a-w-	c:\windows\system32\drivers\massfilter.sys
2012-09-11 09:04 . 2011-03-26 08:37	107776	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-09-11 09:04 . 2011-03-26 08:37	107776	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-09-11 09:04 . 2011-03-26 08:37	107776	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-09-11 09:04 . 2012-09-11 09:04	--------	d-----w-	c:\windows\system32\SupportAppCB
2012-09-11 09:04 . 2012-09-11 09:07	--------	d-----w-	c:\program files\1&1 Surf-Stick
2012-09-07 10:11 . 2012-08-23 07:15	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A78328D0-B058-4540-94EE-EFBFECD19493}\mpengine.dll	ERROR(0x00000005)
2012-09-01 12:07 . 2012-09-23 15:32	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Skype
2012-09-01 12:07 . 2012-09-01 12:07	--------	d-----w-	c:\program files\Common Files\Skype
2012-09-01 12:07 . 2012-09-01 12:08	--------	d-----r-	c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 15:04 . 2012-05-17 18:21	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-26 15:04 . 2012-05-17 18:21	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-23 07:15 . 2009-02-19 05:31	7022536	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-07-04 14:02 . 2012-08-21 11:07	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-09-13 19:08 . 2012-09-13 19:07	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2012-01-17 153424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62668516.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-04 10:40	133104	----atw-	c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-26 16:36	296056	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:04]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 10:40]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 10:40]
.
2012-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\hjt4u3bf.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
AddRemove-FLV Player - c:\program files\FLVPlayer\Uninstall\Uninstall.exe
AddRemove-FoxTab PDF Creator - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-28 14:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-494165459-3435025325-3623417751-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,ba,a3,dd,a5,0b,18,2e,29,2f,32,7b,59,45,12,0d,f6,40,a9,2b,1a,
   78,09,7e,8a,b6,8b,59,b3,d9,bf,44,a4,c4,9a,dd,65,4e,74,f4,3c,75,8e,80,32,ef,\
"rkeysecu"=hex:4e,30,2c,80,1d,2b,43,62,3e,b6,1c,af,15,31,e2,ed
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\1&1 Surf-Stick\AssistantServices.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-28  14:11:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-28 12:11
.
Vor Suchlauf: 17 Verzeichnis(se), 330.241.970.176 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 329.705.132.032 Bytes frei
.
- - End Of File - - 9376ECB69B0E673EAC80061A69EC6D88

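As an added triage helper (not part of this thread, of ComboFix or of any tool mentioned here), the Python below parses the "Autostartpunkte der Registrierung" section format of the ComboFix log above and applies a few defender heuristics to surface the lines a helper would look at first. The heuristics (30-day recency window, user-writable path markers, numeric driver name under SafeBoot, executable directly in the Windows directory) are assumptions of this example, and the sample input is constructed from entries in the posted log.

```python
"""Triage of ComboFix-style registry autostart entries (added example)."""
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

# Constructed sample in the format of the posted log:
# [KEY] header, then "name"="path" [yyyy-mm-dd size] lines, '.' as separator.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62668516.sys]
@="Driver"
"""

# Scan date taken from the posted log's completion time (assumption for the example).
SCAN_DATE = date(2012, 9, 28)

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
DEFAULT_RE = re.compile(r'^@="(?P<value>[^"]*)"$')


@dataclass
class Entry:
    key: str
    name: str
    path: str
    modified: Optional[date] = None
    size: Optional[int] = None


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_autostart(text: str) -> List[Entry]:
    """Turn the section into Entry objects; '.' separators and blank lines are skipped."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            y, mo, d = (int(x) for x in m.group("date").split("-"))
            entries.append(Entry(key, m.group("name"), m.group("path"),
                                 date(y, mo, d), int(m.group("size"))))
            continue
        m = DEFAULT_RE.match(line)
        if m:  # default value of the key, e.g. @="Driver" under SafeBoot
            entries.append(Entry(key, "@", m.group("value")))
    return entries


# Heuristic thresholds and markers: assumptions of this example, not ComboFix rules.
RECENT_DAYS = 30
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def triage(text: str, scan_date: date) -> List[Finding]:
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    findings: List[Finding] = []
    for e in parse_autostart(text):
        reasons: List[str] = []
        p = e.path.lower()
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable location")
        # c:\windows\foo.exe with no further subdirectory is unusual for legitimate software
        if re.match(r"^[a-z]:\\windows\\[^\\]+$", p):
            reasons.append("executable directly in the Windows directory")
        leaf = e.key.rsplit("\\", 1)[-1].lower()
        if "\\safeboot\\" in e.key.lower() and re.match(r"^\d+\.sys$", leaf):
            reasons.append("numeric driver name in SafeBoot list")
        if e.modified and scan_date - e.modified <= timedelta(days=RECENT_DAYS):
            reasons.append(f"modified within {RECENT_DAYS} days")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{f.entry.key}\n  {f.entry.name} -> {f.entry.path}: {', '.join(f.reasons)}")
```

A flag is a prompt to check the file (vendor, signature, reputation), not a verdict; on this sample the Avira entry is flagged only because it was updated recently.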
Alt 28.09.2012, 14:50   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 30.09.2012, 15:05   #10
chelito
 



Here are the logs:

GMER:


Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-30 15:18:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G
Running: cnwin3ev.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\kwloypow.sys


---- System - GMER 1.0.15 ----

SSDT      90DBA92E                                                                                              ZwCreateSection
SSDT      90DBA938                                                                                              ZwRequestWaitReplyPort
SSDT      90DBA933                                                                                              ZwSetContextThread
SSDT      90DBA93D                                                                                              ZwSetSecurityObject
SSDT      90DBA942                                                                                              ZwSystemDebugControl
SSDT      90DBA8CF                                                                                              ZwTerminateProcess

INT 0x51  ?                                                                                                     875A1BF8
INT 0x61  ?                                                                                                     90400050
INT 0x71  ?                                                                                                     904002D0
INT 0x72  ?                                                                                                     875A1BF8
INT 0x82  ?                                                                                                     90400CD0
INT 0x92  ?                                                                                                     8578BBF8
INT 0x92  ?                                                                                                     8578BBF8
INT 0x92  ?                                                                                                     8578BBF8
INT 0x92  ?                                                                                                     8578BBF8
INT 0x92  ?                                                                                                     875A1BF8
INT 0x92  ?                                                                                                     875A1BF8
INT 0x92  ?                                                                                                     875A1BF8
INT 0x92  ?                                                                                                     8578BBF8
INT 0xA2  ?                                                                                                     904007D0

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!KeSetEvent + 215                                                                         82EE58D8 4 Bytes  [2E, A9, DB, 90]
.text     ntkrnlpa.exe!KeSetEvent + 539                                                                         82EE5BFC 4 Bytes  [38, A9, DB, 90]
.text     ntkrnlpa.exe!KeSetEvent + 56D                                                                         82EE5C30 4 Bytes  [33, A9, DB, 90]
.text     ntkrnlpa.exe!KeSetEvent + 5D1                                                                         82EE5C94 4 Bytes  [3D, A9, DB, 90]
.text     ntkrnlpa.exe!KeSetEvent + 619                                                                         82EE5CDC 4 Bytes  [42, A9, DB, 90]
.text     ...                                                                                                   
?         System32\Drivers\spzl.sys                                                                             Das System kann den angegebenen Pfad nicht finden. !
PAGE      ataport.SYS!DllUnload                                                                                 8AE8AB2E 5 Bytes  JMP 8578B1D8 
.text     C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x8F40C320, 0x3EEAF7, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                 8B34341B 5 Bytes  JMP 875A11D8 

---- User code sections - GMER 1.0.15 ----

.text     C:\Program Files\Mozilla Firefox\firefox.exe[5604] ntdll.dll!LdrLoadDll                               77DA9378 5 Bytes  JMP 653D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!HeapSetInformation + 26               773BA8C0 7 Bytes  JMP 653D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!LockResource + C                      773D6B0B 7 Bytes  JMP 65607B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\firefox.exe[5604] kernel32.dll!VirtualAllocEx + 54                   773DAF70 7 Bytes  JMP 65607B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text     C:\Program Files\Mozilla Firefox\firefox.exe[5604] GDI32.dll!SetStretchBltMode + 256                  77F8745C 7 Bytes  JMP 65607AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                             [8068B6D6] \SystemRoot\System32\Drivers\spzl.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                              [8068B042] \SystemRoot\System32\Drivers\spzl.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                      [8068B800] \SystemRoot\System32\Drivers\spzl.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                             [8068B0C0] \SystemRoot\System32\Drivers\spzl.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                       [8068B13E] \SystemRoot\System32\Drivers\spzl.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                    [8069AB90] \SystemRoot\System32\Drivers\spzl.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                861201F8
Device    \FileSystem\fastfat \FatCdrom                                                                         9052B1F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                    1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0xC8 0xA4 0x01 0xCD ...
Reg       HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg       HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0xC8 0xA4 0x01 0xCD ...

---- EOF - GMER 1.0.15 ----

OSAM:


Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:15:02 on 30.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job" - "Google Inc." - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job" - "Google Inc." - C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwloypow" (kwloypow) - ? - C:\Users\Sarah\AppData\Local\Temp\kwloypow.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc." - "C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"tsnp2std" - "SONIX" - C:\Windows\tsnp2std.exe
"tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UIExec" - ? - "C:\Program Files\1&1 Surf-Stick\UIExec.exe"  (File found, but it contains no detailed information)

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redmon" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe  (File found, but it contains no detailed information)
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe  (File found, but it contains no detailed information)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 15:21:39
-----------------------------
15:21:39.590    OS Version: Windows 6.0.6002 Service Pack 2
15:21:39.590    Number of processors: 2 586 0x170A
15:21:39.590    ComputerName: SARAH-PC  UserName: Sarah
15:21:42.002    Initialize success
15:23:08.271    AVAST engine defs: 12093000
15:31:29.363    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:31:29.496    Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60G Size: 476940MB BusType: 3
15:31:29.767    Disk 0 MBR read successfully
15:31:29.819    Disk 0 MBR scan
15:31:29.824    Disk 0 Windows VISTA default MBR code
15:31:29.904    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       450940 MB offset 2048
15:31:30.052    Disk 0 Partition 2 00     0C    FAT32 LBA MSWIN4.1    25997 MB offset 923527168
15:31:30.208    Disk 0 scanning sectors +976769024
15:31:30.672    Disk 0 scanning C:\Windows\system32\drivers
15:33:04.558    Service scanning
15:33:28.327    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:33:35.801    Modules scanning
15:34:20.600    Disk 0 trace - called modules:
15:34:20.956    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8578f1f8]<<
15:34:20.960    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863d3620]
15:34:20.964    3 CLASSPNP.SYS[8b59e8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8616fb98]
15:34:20.968    \Driver\atapi[0x86194a60] -> IRP_MJ_CREATE -> 0x8578f1f8
15:34:22.679    AVAST engine scan C:\Windows
15:37:18.376    AVAST engine scan C:\Windows\system32
15:42:41.718    AVAST engine scan C:\Windows\system32\drivers
15:43:08.409    AVAST engine scan C:\Users\Sarah
16:03:27.335    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
16:03:27.342    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"
         

Alt 01.10.2012, 12:47   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags
