| |
| |||||||
Log-Analyse und Auswertung: Suchmaschinen wie z.B Google leiten auf falsche Seite umWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.10.2012, 17:07
| #1 |
| |  Suchmaschinen wie z.B Google leiten auf falsche Seite um Hallo Ich habe wohl ein bekanntes Problem mit Google und andere Suchmaschienen. Laut Forum können aber Unterschiede in der Vorgehensweise bestehen wie man das Problem lösen kann dewegen trage ich euch mein Problem zu und hoffe ihr könnt mir helfen. Das Problem ist das ich unter z.B Google auf unterschiedliche falsche Internetseiten umgleitet werde sobald ich auf ein Suchergergebnis klicke. Desweiteren kann ich auch das Windows Sicherheits center nicht mehr aktivieren. Ich muss zu geben ich bin kein Computer experte und hoffe ihr könnt mir eine Schritt für Schritt anleitung geben. Ich bin für jede Hilfe Dankbar. Habe bereits mal ein Logfile mit Hijack This erstellt. Ich hoffen das war so richtig. So hier ist Der Logfile : HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:51:56, on 21.10.2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16443) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\System32\rundll32.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL O2 - BHO: Bcool - {8AADC003-879D-74B3-4E9E-711E382629D5} - C:\ProgramData\Bcool\5071c182ca938.ocx O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: TBSB09850 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChatZum Toolbar\tbunseF10.tmp\tbcore3.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunseF10.tmp\tbcore3.dll O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: GpsGate.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/Island%202011/Magix%20Island%20Film/components/A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/Island%202011/Magix%20Island%20Film/components/wmvhdrating.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- End of file - 8693 bytes Und Ihr der Quick Scan unter Malewarebytes (leider nichts gefunden) Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.23.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16443 Besitzer :: BESITZER-PC [Administrator] Schutz: Aktiviert 23.10.2012 18:13:50 mbam-log-2012-10-23 (18-13-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206258 Laufzeit: 9 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
23.10.2012, 18:13
| #2 |
| /// Malware-holic   | Suchmaschinen wie z.B Google leiten auf falsche Seite um hi
__________________aber das suchmaschinen problem hindert dich nicht, unsere anleitung zu lesen, denn HijackThis logs wollen wir keine sehen. schaun wir mal: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
24.10.2012, 16:02
| #3 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um So hier die OTL .TXt
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/24/2012 5:51:29 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.12 Mb Total Physical Memory | 343.37 Mb Available Physical Memory | 33.86% Memory free 1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 63.68 Gb Free Space | 63.68% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 114.68 Gb Free Space | 97.30% Space Free | Partition Type: NTFS Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/24 05:47:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe PRC - [2012/10/16 09:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe PRC - [2012/10/09 20:24:31 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/08/15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe PRC - [2012/05/31 14:33:56 | 000,385,416 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe PRC - [2012/05/29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2011/06/27 23:15:38 | 000,540,672 | ---- | M] () -- C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 04:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010/04/16 17:56:44 | 002,843,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2010/04/16 17:56:44 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010/04/16 17:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe ========== Modules (No Company Name) ========== MOD - [2012/10/16 09:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe MOD - [2012/10/16 09:47:12 | 002,075,680 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll MOD - [2012/07/16 14:19:32 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll MOD - [2012/04/11 17:40:06 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll MOD - [2012/04/11 16:05:14 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2012/04/11 16:04:43 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2012/04/11 16:03:15 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2012/04/11 16:02:56 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2012/04/11 16:02:53 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2012/04/11 16:00:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2011/06/27 23:15:38 | 000,540,672 | ---- | M] () -- C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe MOD - [2011/06/27 23:15:04 | 000,118,784 | ---- | M] () -- C:\Windows\System32\GateApiXP.dll MOD - [2010/09/02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL MOD - [2010/04/16 17:56:56 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll MOD - [2009/07/26 03:25:25 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2005/09/21 14:05:30 | 000,286,720 | ---- | M] () -- C:\Windows\System32\GpsToolsXP.dll ========== Services (SafeList) ========== SRV - [2012/10/16 09:48:00 | 002,360,864 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager) SRV - [2012/10/09 20:24:48 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS) SRV - [2012/05/31 14:33:56 | 000,385,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012/05/31 14:33:10 | 000,397,704 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2011/06/27 23:15:44 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0) SRV - [2010/04/16 17:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - [2012/10/03 16:16:40 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121020.002\IDSvix86.sys -- (IDSVix86) DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/09/18 18:27:09 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121022.032\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/18 18:27:09 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121022.032\NAVENG.SYS -- (NAVENG) DRV - [2012/09/11 20:46:43 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/09/01 00:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/08/13 20:59:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/07/30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86) DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP) DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX) DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS) DRV - [2012/05/31 14:33:40 | 000,066,952 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA) DRV - [2012/04/18 04:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symnets.sys -- (SymNetS) DRV - [2012/04/18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON) DRV - [2012/04/10 17:52:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/07/25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS) DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/04/22 05:59:09 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/04/19 07:43:57 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2010/03/31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/03/20 15:13:38 | 000,300,544 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2006/04/03 22:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/ IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE504 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/10 17:52:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/10/24 05:42:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/10/21 21:16:45 | 000,000,000 | ---D | M] [2012/10/06 22:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012/10/06 21:08:52 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012/10/04 17:57:36 | 000,214,514 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\extensions\TorrentHandler@TorrentHandler.com.xpi [2012/10/21 21:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GpsGate.lnk = C:\Program Files\Franson\GpsGate 2.0\GpsGateXP.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///F:/Island%202011/Magix%20Island%20Film/components/A9.ocx (A9Helper.A9) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/Island%202011/Magix%20Island%20Film/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0893CBE6-B9DB-491E-99CC-907870EC407F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23811~1.154\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4b70abe6-8315-11e1-bca9-20cf300dadab}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{4b70abe6-8315-11e1-bca9-20cf300dadab}\Shell\Install\Command - "" = E:\Start.exe O33 - MountPoints2\{d67ec0a6-cffd-11e1-94af-20cf300dadab}\Shell - "" = AutoRun O33 - MountPoints2\{d67ec0a6-cffd-11e1-94af-20cf300dadab}\Shell\AutoRun\command - "" = E:\MobileBroadbandSetup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig - StartUpReg: ASUS VIBE - hkey= - key= - C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe (ecm) MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) MsConfig - StartUpReg: Boingo Wi-Fi - hkey= - key= - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () MsConfig - StartUpReg: CapsHook - hkey= - key= - File not found MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () MsConfig - StartUpReg: EeeSplendidAgent - hkey= - key= - File not found MsConfig - StartUpReg: HotkeyMon - hkey= - key= - File not found MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: HotkeyService - hkey= - key= - File not found MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: LiveUpdate - hkey= - key= - File not found MsConfig - StartUpReg: OOBESetup - hkey= - key= - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= - File not found MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/24 05:47:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2012/10/22 18:05:24 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\NPE [2012/10/22 17:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/10/22 17:17:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/10/22 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/10/21 22:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012/10/21 22:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012/10/21 21:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/10/21 21:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/10/21 21:17:04 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Babylon [2012/10/21 21:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012/10/21 21:16:50 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins [2012/10/21 21:16:50 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions [2012/10/21 21:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/10/21 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2012/10/21 20:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/10/21 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/10/21 19:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/10/21 19:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/10/21 19:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2012/10/16 06:04:35 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Garmin Support [2012/10/10 17:20:12 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\anpo.republika.pl [2012/10/10 17:17:59 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\fltk.org [2012/10/08 20:49:33 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\GpsGateBuffer [2012/10/08 20:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franson GpsGate 2.6 [2012/10/08 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\ChatZum Toolbar [2012/10/08 20:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Franson [2012/10/08 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\GpsGate [2012/10/08 18:59:55 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations [2012/10/08 18:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL [2012/10/08 18:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL [2012/10/08 18:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express [2012/10/08 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Garmin [2012/10/08 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\GARMIN_Corp [2012/10/07 19:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012/10/07 19:18:30 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Tracing [2012/10/07 19:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/10/07 19:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012/10/07 15:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/10/07 15:56:26 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\WinZip [2012/10/07 15:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/10/07 15:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2012/10/06 21:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\TorrentHandler [2012/10/06 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Mozilla [2012/10/06 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [2012/10/06 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Google [2012/10/06 14:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/10/06 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Google [2012/10/06 14:36:25 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Deployment [2012/10/06 14:36:25 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Apps [2012/10/06 13:33:04 | 000,000,000 | ---D | C] -- C:\Garmin [2012/10/06 11:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cGPSmapper Routable [2012/10/06 11:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cGPSmapper Free [2012/10/05 10:23:55 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin [2012/10/05 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012/10/05 10:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin [2012/10/04 18:11:42 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\Mein Garmin [2012/10/04 18:11:40 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\GARMIN [2012/10/04 18:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [2012/10/04 17:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN [2012/10/04 17:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin ========== Files - Modified Within 30 Days ========== [2012/10/24 05:47:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2012/10/24 05:47:08 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/24 05:46:33 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/24 05:46:33 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/24 05:40:03 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/24 05:39:06 | 000,000,322 | ---- | M] () -- C:\windows\tasks\GYIRLAD.job [2012/10/24 05:38:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/10/24 05:38:46 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2012/10/24 05:35:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/10/23 18:30:18 | 000,000,253 | ---- | M] () -- C:\Users\Besitzer\Desktop\Suchmaschinen wie z.B Google leiten auf falsche Seite um - Trojaner-Board.url [2012/10/22 17:17:49 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/21 23:39:29 | 000,000,138 | ---- | M] () -- C:\Users\Besitzer\Desktop\raumbezug - Interaktive Karten - OpenStreetMap - Garmin - routingfähig.url [2012/10/21 23:31:36 | 000,000,257 | ---- | M] () -- C:\Users\Besitzer\Desktop\Anzeigen von GMAPSUPP.IMG in MapSource.url [2012/10/21 19:57:54 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/21 19:47:09 | 000,002,039 | ---- | M] () -- C:\Users\Besitzer\Desktop\HijackThis.lnk [2012/10/16 22:27:43 | 000,696,370 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/10/16 22:27:43 | 000,651,648 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/10/16 22:27:43 | 000,147,634 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/10/16 22:27:43 | 000,120,580 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/10/16 16:26:39 | 000,010,074 | ---- | M] () -- C:\windows\System32\drivers\NIS\1309000.009\VT20121008.022 [2012/10/16 05:59:33 | 000,133,120 | ---- | M] () -- C:\Users\Besitzer\Desktop\MapSetToolKit.exe [2012/10/16 05:40:08 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/10/16 05:39:23 | 001,320,540 | ---- | M] () -- C:\windows\System32\drivers\NIS\1309000.009\Cat.DB [2012/10/10 17:12:57 | 000,090,112 | RHS- | M] () -- C:\windows\System32\aitagentr.dll [2012/10/09 17:25:45 | 000,000,555 | ---- | M] () -- C:\Users\Besitzer\Desktop\MobilePC.lnk [2012/10/09 06:01:25 | 000,000,892 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GpsGate.lnk [2012/10/08 20:39:45 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Franson GpsGate 2.6.lnk [2012/10/08 20:20:39 | 000,000,023 | ---- | M] () -- C:\windows\ODBCINST.INI [2012/10/08 18:56:48 | 000,000,910 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog [2012/10/07 19:56:31 | 000,000,102 | ---- | M] () -- C:\Users\Besitzer\Documents\1Click.cfg [2012/10/07 15:56:40 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2012/10/04 18:41:49 | 000,001,678 | ---- | M] () -- C:\Users\Besitzer\Desktop\MapSource.lnk [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/09/26 12:34:14 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1309000.009\isolate.ini ========== Files Created - No Company Name ========== [2012/10/23 18:30:17 | 000,000,253 | ---- | C] () -- C:\Users\Besitzer\Desktop\Suchmaschinen wie z.B Google leiten auf falsche Seite um - Trojaner-Board.url [2012/10/22 17:17:49 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/10/21 23:39:29 | 000,000,138 | ---- | C] () -- C:\Users\Besitzer\Desktop\raumbezug - Interaktive Karten - OpenStreetMap - Garmin - routingfähig.url [2012/10/21 23:31:35 | 000,000,257 | ---- | C] () -- C:\Users\Besitzer\Desktop\Anzeigen von GMAPSUPP.IMG in MapSource.url [2012/10/21 21:15:52 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll [2012/10/21 21:15:52 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll [2012/10/21 19:57:54 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/21 19:47:09 | 000,002,039 | ---- | C] () -- C:\Users\Besitzer\Desktop\HijackThis.lnk [2012/10/10 17:12:57 | 000,090,112 | RHS- | C] () -- C:\windows\System32\aitagentr.dll [2012/10/10 17:12:57 | 000,000,322 | ---- | C] () -- C:\windows\tasks\GYIRLAD.job [2012/10/09 17:25:45 | 000,000,555 | ---- | C] () -- C:\Users\Besitzer\Desktop\MobilePC.lnk [2012/10/08 20:39:44 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Franson GpsGate 2.6.lnk [2012/10/08 19:05:06 | 000,000,892 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GpsGate.lnk [2012/10/08 18:56:31 | 000,000,910 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog [2012/10/08 18:38:20 | 000,000,023 | ---- | C] () -- C:\windows\ODBCINST.INI [2012/10/07 17:54:26 | 000,000,102 | ---- | C] () -- C:\Users\Besitzer\Documents\1Click.cfg [2012/10/07 15:56:40 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2012/10/06 14:37:22 | 000,001,102 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/06 14:37:20 | 000,001,098 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/06 10:33:20 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/10/04 18:41:49 | 000,001,678 | ---- | C] () -- C:\Users\Besitzer\Desktop\MapSource.lnk [2012/04/10 17:24:54 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini [2011/06/27 23:15:46 | 000,163,840 | ---- | C] () -- C:\windows\System32\GpsGateComClient.dll [2011/06/27 23:15:04 | 000,118,784 | ---- | C] () -- C:\windows\System32\GateApiXP.dll [2010/05/28 07:50:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/10 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\anpo.republika.pl [2010/05/28 08:06:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ASUS WebStorage [2012/10/21 21:17:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Babylon [2012/10/10 17:17:59 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\fltk.org [2012/10/08 16:23:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GARMIN ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/04/11 12:30:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012/04/11 15:59:50 | 000,000,000 | -HSD | M] -- C:\Boot [2012/10/23 19:27:26 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/10/06 14:21:32 | 000,000,000 | ---D | M] -- C:\Garmin [2010/05/28 07:38:55 | 000,000,000 | ---D | M] -- C:\Intel [2012/04/10 18:10:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/10/22 17:17:44 | 000,000,000 | R--D | M] -- C:\Program Files [2012/10/23 19:27:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/09/23 14:47:05 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/10/24 05:57:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/09/23 14:48:38 | 000,000,000 | R--D | M] -- C:\Users [2012/10/24 05:41:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 06:53:46 | 000,028,846 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2012/10/06 10:33:20 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job [2012/10/06 14:37:20 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2012/10/06 14:37:22 | 000,001,102 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2012/10/10 17:12:57 | 000,000,322 | ---- | C] () -- C:\windows\Tasks\GYIRLAD.job < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010/11/20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\SoftwareDistribution\Download\68a932b7d968000f163a56fce4f1c00f\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010/11/20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012/10/10 17:12:57 | 000,090,112 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\aitagentr.dll [2011/06/27 23:15:04 | 000,118,784 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\GateApiXP.dll [2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2012/10/24 06:38:44 | 002,621,440 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT [2012/10/24 06:38:44 | 000,262,144 | -HS- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG1 [2010/09/23 14:48:43 | 000,000,000 | -HS- | M] () -- C:\Users\Besitzer\ntuser.dat.LOG2 [2010/09/23 15:03:39 | 000,065,536 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/09/23 15:03:39 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/09/23 15:03:39 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009/07/14 06:53:59 | 000,000,020 | -HS- | M] () -- C:\Users\Besitzer\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8DE37BC3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:C9633DEB @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5F64C164 < End of report > Und hier Extras.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/24/2012 5:51:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014.12 Mb Total Physical Memory | 343.37 Mb Available Physical Memory | 33.86% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 63.68 Gb Free Space | 63.68% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 114.68 Gb Free Space | 97.30% Space Free | Partition Type: NTFS
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BBDC6E-0D33-437C-B80E-178986C23513}" = lport=137 | protocol=17 | dir=in | app=system |
"{10F38308-DD8F-4666-908E-6DD1DB43566F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{301D6E9D-3917-4929-AAEC-0563A568B6BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{52E15001-003F-4195-9CB7-8D2E95FF0C2C}" = lport=445 | protocol=6 | dir=in | app=system |
"{54F7F7DF-D700-421E-B1E2-A1C847E473D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D287EE5-447E-4482-8BE5-BB27625AC774}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{62B328F8-5381-43E0-B37E-3EFEB36EA2E1}" = rport=445 | protocol=6 | dir=out | app=system |
"{74750FF9-28BC-4230-A663-EDF0B7CADE9E}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BCA7FA9-1302-4B47-B0B7-21B5798A5FB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{A31BFD49-858F-49A6-B8E3-912E7BED0C26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B95DF250-9725-4A9B-B2BD-3F49287A8C5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF8BE471-86C5-48AA-A71A-01FCB6F4346B}" = lport=139 | protocol=6 | dir=in | app=system |
"{C11BE6CB-1567-4420-890F-6B71F42E1C79}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0B77F7F-6744-4F8A-8900-B653D8A58B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{FAADABE2-93AF-4C0C-AF16-70BE761D2480}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050C7EE8-E3E4-47FB-9C98-9EB79B924056}" = dir=in | app=c:\users\besitzer\appdata\local\temp\ibtmpf30f532\component_552.decrpt |
"{0AD5B140-06DF-4749-B63D-053611F3389B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{20296460-D447-44EA-85E2-1C0BBBB40035}" = dir=in | app=c:\users\besitzer\desktop\ssk_claro.exe |
"{22E2FF61-9D54-4E52-B82D-9B25E17DE437}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2A5AED28-4E85-40B5-845B-68C191092978}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2F81743E-2F86-495E-8573-6EB20DCB02F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{345E1CC3-4124-4852-965C-AACD0C3E3AAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{629CC90E-F847-4552-BC48-A86C7D12B3C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7191A71C-467B-47AE-99F5-3DA62C2A2F87}" = dir=out | app=c:\users\besitzer\desktop\ssk_claro.exe |
"{9400D8FF-CBC3-456B-AA87-5563028C03E1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{E2B3389D-5C09-489C-9CF4-C650AD55BC81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E689CF71-244F-484E-BA78-6F18ABA1E37C}" = dir=out | app=c:\users\besitzer\appdata\local\temp\ibtmpf30f532\component_552.decrpt |
"{F7409BC4-5570-4E24-B65F-BC18F0155D09}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F98E9F16-2B36-4765-BBCB-5C0A44D4205F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{D38B8112-A2B7-4860-BC7D-C396CE9CAB68}D:\garminmobilepc\que.exe" = protocol=6 | dir=in | app=d:\garminmobilepc\que.exe |
"TCP Query User{E33502BF-033B-4721-AE0D-4579BE2157AB}D:\garminmobilepc\que.exe" = protocol=6 | dir=in | app=d:\garminmobilepc\que.exe |
"UDP Query User{8C46CC05-3720-4627-9054-9A86AEF5EFD4}D:\garminmobilepc\que.exe" = protocol=17 | dir=in | app=d:\garminmobilepc\que.exe |
"UDP Query User{F5F94376-E3AB-4119-8C6F-4084A9BB3F3F}D:\garminmobilepc\que.exe" = protocol=17 | dir=in | app=d:\garminmobilepc\que.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39B072B0-6003-4506-8A6A-28EFB3169D0F}" = Garmin City Navigator Europe NT 2013.20 Update
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C83944D-5319-4AD6-A803-C08446B27596}" = BlueStacks
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5F70B4B-B4FA-439B-B86D-D357EC15E60D}" = GPS Kort Iceland 2011 NT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC083FE1-22F1-46BD-BD64-49BD59E01B6D}" = Garmin Mobile PC v5.00.70
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07B86C3-1816-4C59-927E-0287925DFB96}" = Garmin City Navigator Europe NT 2010
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE5936FA-1D77-4131-9ED6-4F6AF6ABC227}" = Franson GpsGate 2.6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"1ClickDownload" = 1ClickDownloader
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"CCleaner" = CCleaner
"cGPSmapper Free_is1" = cGPSmapper Free 0100d
"cGPSmapper Routable_is1" = cGPSmapper 0100d with Routing support
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Island-Topo_is1" = Island-Topo für MapSource
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NIS" = Norton Internet Security
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tracks4Australia 1.20" = Tracks4Australia 1.20
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/8/2012 2:17:15 PM | Computer Name = Besitzer-PC | Source = MsiInstaller | ID = 11905
Description =
Error - 10/8/2012 2:17:16 PM | Computer Name = Besitzer-PC | Source = MsiInstaller | ID = 11905
Description =
Error - 10/8/2012 2:17:17 PM | Computer Name = Besitzer-PC | Source = MsiInstaller | ID = 11905
Description =
Error - 10/8/2012 2:17:17 PM | Computer Name = Besitzer-PC | Source = MsiInstaller | ID = 11905
Description =
Error - 10/8/2012 2:17:17 PM | Computer Name = Besitzer-PC | Source = MsiInstaller | ID = 11905
Description =
Error - 10/8/2012 2:19:59 PM | Computer Name = Besitzer-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "MySQL" konnte nicht neu gestartet werden.
Error - 10/8/2012 4:36:31 PM | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16443,
Zeitstempel: 0x4f4c2946 Name des fehlerhaften Moduls: 5071c182ca938.ocx, Version:
1.0.0.0, Zeitstempel: 0x50647da8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000834e
ID
des fehlerhaften Prozesses: 0x790 Startzeit der fehlerhaften Anwendung: 0x01cda5851a27b75b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\ProgramData\Bcool\5071c182ca938.ocx Berichtskennung:
d76b74f7-1187-11e2-9a87-74f06da016cc
Error - 10/8/2012 4:36:51 PM | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16443,
Zeitstempel: 0x4f4c2946 Name des fehlerhaften Moduls: 5071c182ca938.ocx, Version:
1.0.0.0, Zeitstempel: 0x50647da8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000834e
ID
des fehlerhaften Prozesses: 0xe0 Startzeit der fehlerhaften Anwendung: 0x01cda5949e227398
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\ProgramData\Bcool\5071c182ca938.ocx Berichtskennung:
e36ee6d9-1187-11e2-9a87-74f06da016cc
Error - 10/8/2012 4:37:03 PM | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16443,
Zeitstempel: 0x4f4c2946 Name des fehlerhaften Moduls: 5071c182ca938.ocx, Version:
1.0.0.0, Zeitstempel: 0x50647da8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000834e
ID
des fehlerhaften Prozesses: 0x984 Startzeit der fehlerhaften Anwendung: 0x01cda594a7d06c15
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\ProgramData\Bcool\5071c182ca938.ocx Berichtskennung:
ea4b9e63-1187-11e2-9a87-74f06da016cc
Error - 10/9/2012 12:00:46 PM | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MapSource.exe, Version: 6.15.4.0,
Zeitstempel: 0x49906887 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b8f0 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000b760 ID des fehlerhaften
Prozesses: 0xf5c Startzeit der fehlerhaften Anwendung: 0x01cda6364c9f1b40 Pfad der
fehlerhaften Anwendung: C:\Program Files\Garmin\MapInstall\MapSource.exe Pfad des
fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: 7c2ebb38-122a-11e2-9997-74f06da016cc
Error - 10/9/2012 1:10:36 PM | Computer Name = Besitzer-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 10/16/2012 10:04:54 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10/16/2012 1:56:22 PM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 10/16/2012 3:59:10 PM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10/17/2012 10:57:40 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10/17/2012 11:44:50 PM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 10/17/2012 11:45:20 PM | Computer Name = Besitzer-PC | Source = DCOM | ID = 10010
Description =
Error - 10/21/2012 9:06:07 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10/21/2012 9:09:19 AM | Computer Name = Besitzer-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.26
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 10/21/2012 10:56:39 AM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10/21/2012 12:52:25 PM | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
< End of report >
Vielen dank schon mal vorab das sie sich die Zeit nehmen mir zu helfen |
|
24.10.2012, 16:58
| #4 |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012/10/10 17:12:57 | 000,090,112 | RHS- | M] () -- C:\windows\System32\aitagentr.dll
[2012/10/10 17:12:57 | 000,000,322 | ---- | C] () -- C:\windows\tasks\GYIRLAD.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 danach: downloade get info: http://markusg.trojaner-board.de/GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt diese doppelklicken und deren inhalt posten. lade und instaliere 7zip: 7-Zip gehe dann auf start, ausführen, tippe: regedit enter dort klappe auf der linken seite alles zu. Gehe dann auf datei, exportieren, suche einen ort, den du leicht wiederfindest, und vergib einen dateinamen, den du leicht wieder erkennst. schließe den registrierungseditor nach dem speichern, navigiere zu der datei die du soeben erstellt hast, rechtsklick, 7zip menü aufklappen, zu einem archiv hinzufügen wählen. folgene einstellungen vornemen: archivtyp, 7zip kompressionsstärke: ultra kompress.verfahren: lzma2 wörterbuchgröße: 64 mb wortgröße: 273 größe solider blöcke: solide klicke nun auf ok, archiv wird erstellt. dieses lädst du bei: File-Upload.net - Ihr kostenloser File Hoster! hoch und sendest mir den download link bitte als private nachicht. Frage: hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt? wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
24.10.2012, 17:15
| #5 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um So hier das Textdokument: All processes killed ========== OTL ========== C:\Windows\System32\aitagentr.dll moved successfully. C:\Windows\Tasks\GYIRLAD.job moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Besitzer ->Flash cache emptied: 42131 bytes User: Default ->Flash cache emptied: 321 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator User: All Users User: Besitzer ->Temp folder emptied: 69980 bytes ->Temporary Internet Files folder emptied: 5122476 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10500 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10242012_180620 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
24.10.2012, 17:15
| #6 |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um sehr gut, dann man weiter mit dem rest :-)
__________________ --> Suchmaschinen wie z.B Google leiten auf falsche Seite um |
|
24.10.2012, 17:21
| #7 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um So der Upload in Den Upload Channel hat auch funktioniert |
|
24.10.2012, 17:23
| #8 |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um hi du musst jetzt nicht für jeden schritt einen post erstellen, arbeite einfach in ruhe alles durch, und poste dann
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
24.10.2012, 17:26
| #9 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um der nächste Schritt hatt auch funktioniert hier das Textdukument: System volume information: dwHighDateTime = 0x1cb5b90,dwLowDateTime = 0x470c1883 System32: dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b dwSerialNumber = 0xdeffa0aa So ich bin soweit durch habe alles schritt für schritt gemacht und hoffe das alles soweit richtig war. Muss ich sonst noch was machen oder war das alles soweit Okay? |
|
24.10.2012, 18:43
| #10 | |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um danke, schaun wir mal weiter: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
24.10.2012, 20:10
| #11 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um So hier der nächste Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-10-24.02 - Besitzer 24.10.2012 20:45:47.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.319 [GMT 2:00]
ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-24 bis 2012-10-24 ))))))))))))))))))))))))))))))
.
.
2012-10-24 19:01 . 2012-10-24 19:01 -------- d-----w- c:\users\Besitzer\AppData\Local\temp
2012-10-24 19:01 . 2012-10-24 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 16:06 . 2012-10-24 16:17 -------- d-----w- C:\_OTL
2012-10-22 16:05 . 2012-10-23 17:12 -------- d-----w- c:\users\Besitzer\AppData\Local\NPE
2012-10-22 15:17 . 2012-10-22 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-22 15:17 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 20:11 . 2012-10-21 20:11 -------- d-----w- c:\program files\7-Zip
2012-10-21 19:17 . 2012-10-21 19:17 -------- d-----w- c:\programdata\Babylon
2012-10-21 19:17 . 2012-10-21 19:17 -------- d-----w- c:\users\Besitzer\AppData\Roaming\Babylon
2012-10-21 19:16 . 2012-10-21 19:16 -------- d-----w- c:\programdata\IBUpdaterService
2012-10-21 19:16 . 2012-10-21 19:16 -------- d-----w- c:\windows\system32\searchplugins
2012-10-21 19:16 . 2012-10-21 19:16 -------- d-----w- c:\windows\system32\Extensions
2012-10-21 19:16 . 2012-10-21 19:16 -------- d-----w- c:\programdata\Browser Manager
2012-10-21 19:15 . 2007-03-12 21:34 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-10-21 19:15 . 2007-03-12 21:34 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-10-21 19:15 . 2007-03-12 21:34 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-10-21 18:21 . 2012-10-21 18:21 -------- d-----w- c:\users\Besitzer\AppData\Roaming\Malwarebytes
2012-10-21 18:21 . 2012-10-21 18:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 17:57 . 2012-10-21 17:57 -------- d-----w- c:\program files\CCleaner
2012-10-21 17:47 . 2012-10-21 17:47 -------- d-----w- c:\program files\Trend Micro
2012-10-10 15:20 . 2012-10-10 15:20 -------- d-----w- c:\users\Besitzer\AppData\Roaming\anpo.republika.pl
2012-10-10 15:17 . 2012-10-10 15:17 -------- d-----w- c:\users\Besitzer\AppData\Roaming\fltk.org
2012-10-08 18:15 . 2012-10-21 19:29 -------- d-----w- c:\program files\ChatZum Toolbar
2012-10-08 18:05 . 2012-10-08 18:39 -------- d-----w- c:\program files\Franson
2012-10-08 16:59 . 2012-10-08 18:13 -------- d-----w- c:\windows\Downloaded Installations
2012-10-08 16:41 . 2012-10-08 16:41 -------- d-----w- c:\programdata\MySQL
2012-10-08 16:38 . 2012-10-08 18:20 -------- d-----w- c:\program files\MySQL
2012-10-08 16:36 . 2012-10-08 16:36 -------- d-----w- c:\program files\IIS Express
2012-10-08 14:20 . 2012-10-08 15:32 -------- d-----w- c:\users\Besitzer\AppData\Local\Garmin
2012-10-08 14:19 . 2012-10-08 14:19 -------- d-----w- c:\users\Besitzer\AppData\Local\GARMIN_Corp
2012-10-07 17:46 . 2012-10-07 17:46 -------- d-----w- c:\programdata\InstallMate
2012-10-07 17:18 . 2012-10-22 14:53 -------- d-----w- c:\users\Besitzer\Tracing
2012-10-07 17:18 . 2012-10-07 17:18 -------- d-----w- c:\programdata\SweetIM
2012-10-07 17:18 . 2012-10-07 17:18 -------- d-----w- c:\program files\SweetIM
2012-10-07 13:56 . 2012-10-07 13:56 -------- d-----w- c:\users\Besitzer\AppData\Local\WinZip
2012-10-07 13:56 . 2012-10-07 13:57 -------- d-----w- c:\programdata\WinZip
2012-10-06 19:08 . 2012-10-06 19:08 -------- d-----w- c:\program files\TorrentHandler
2012-10-06 19:08 . 2012-10-06 19:08 -------- d-----w- c:\program files\1ClickDownload
2012-10-06 12:39 . 2012-10-06 12:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2012-10-06 12:37 . 2012-10-24 03:38 -------- d-----w- c:\program files\Google
2012-10-06 12:37 . 2012-10-23 17:27 -------- d-----w- c:\users\Besitzer\AppData\Local\Google
2012-10-06 12:36 . 2012-10-06 12:37 -------- d-----w- c:\users\Besitzer\AppData\Local\Deployment
2012-10-06 12:36 . 2012-10-06 12:36 -------- d-----w- c:\users\Besitzer\AppData\Local\Apps
2012-10-06 11:33 . 2012-10-06 12:21 -------- d-----w- C:\Garmin
2012-10-06 08:33 . 2012-10-09 18:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-06 08:33 . 2012-10-09 18:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 08:23 . 2012-10-05 08:23 -------- d-----w- c:\program files\DIFX
2012-10-05 08:23 . 2012-10-08 14:24 -------- d-----w- c:\program files\Garmin
2012-10-04 16:11 . 2012-10-08 14:23 -------- d-----w- c:\users\Besitzer\AppData\Roaming\GARMIN
2012-10-04 15:50 . 2012-10-08 14:22 -------- d-----w- c:\programdata\GARMIN
2012-10-04 15:50 . 2012-10-04 15:50 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-10-04 12:13 . 2012-10-16 14:28 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-07-30 09:24 . 2012-07-30 09:24 132608 ----a-w- c:\windows\system32\drivers\ser2pl.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-09-24 3129184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-07 1750312]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-05-06 83240]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GpsGate.lnk - c:\program files\Franson\GpsGate 2.0\GpsGateXP.exe [2011-6-27 540672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-16 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-05-28 05:47 3058304 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS VIBE]
2010-03-02 02:22 102400 ----a-w- c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
2010-05-28 05:49 2018032 ----a-w- c:\program files\ASUS\APRP\aprp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-07-29 09:43 737104 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
2010-09-23 12:54 2429 ----a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2010-03-29 23:29 415920 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-05-10 14:33 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 02:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-05-10 14:33 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOBESetup]
2009-12-11 06:56 334848 ----a-w- c:\program files\ASUS\OOBERegBackup\OOBERegBackup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-05-10 14:33 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-22 03:57 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121023.002\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 18:24]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-06 12:37]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-06 12:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://search.chatzum.com/
TCP: DhcpNameServer = 192.168.178.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
AddRemove-cGPSmapper Free_is1 - d:\cgpsmapper\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3960383723-1625167136-543547704-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,26,36,
52,89,39,1d,09,8b,fc,bc,9b,04,70,3e,6c
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,07,08,
81,e0,be,8c,05,ab,1c,e1,ed,b2,4e,11,5f
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,05,14,
1f,dc,59,3e,04,99,bb,1b,a4,19,09,7e,da
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-24 21:05:44
ComboFix-quarantined-files.txt 2012-10-24 19:05
.
Vor Suchlauf: 8 Verzeichnis(se), 69.805.006.848 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 69.728.808.960 Bytes frei
.
- - End Of File - - 694C2111D0335B53E895AD49C313DA22
|
|
24.10.2012, 20:52
| #12 |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um hi waren das alle Malwarebytes logs, oder gibt es weitere, falls ja, poste die, mit funden. falls nein, update mal Malwarebytes und mache einen komplett scan
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
24.10.2012, 21:05
| #13 |
| | Suchmaschinen wie z.B Google leiten auf falsche Seite um Nein mehr habe ich nicht. Gut dann starte ich Malewerebytes mach noch ein update. Und mache ein komplett Scan So hier der nächste Logfile: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.24.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16443 Besitzer :: BESITZER-PC [Administrator] Schutz: Aktiviert 24.10.2012 22:11:40 mbam-log-2012-10-24 (22-11-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 297943 Laufzeit: 1 Stunde(n), 24 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
26.10.2012, 15:49
| #14 |
| /// Malware-holic | Suchmaschinen wie z.B Google leiten auf falsche Seite um hallo, lade den CCleaner standard: CCleaner Download - CCleaner 3.24.1850 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Suchmaschinen wie z.B Google leiten auf falsche Seite um |
| aktiviere, andere, anleitung, avg secure search, avg security toolbar, bingbar, bluestacks, center, computer, erstell, falsche, forum, google, hijack, hijack this, interne, internetseite, internetseiten, logfile, nicht mehr, plug-in, problem, richtig, secure search, seite, seiten, suchmaschine, suchmaschinen, sweetim, this, vtoolbarupdater, windows |
Linear-Darstellung
