
Log analysis and evaluation: Backdoor trojan Bublik.B, worm Gamarue.I: removing PUM.UserWLoad etc.

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.04.2013, 21:10   #1
ansuno
 
Backdoor trojan Bublik.B, worm Gamarue.I: removing PUM.UserWLoad etc.



Through carelessness I picked up a pest via a fake PDF attached to a faked Skype invoice.
I wondered why the PDF had vanished after I clicked on it, and then saw that the mail provider had identified a backdoor trojan. Too late.
The first things I did were:
  • I had Norton 360 run a full scan; for the result see the attached file
  • The check with Microsoft Safety Scanner reported:
      • Trojan:Win32/Bublik.B removed
      • Worm:Win32/Gamarue.I removed

Then I read through the relevant threads and tried a number of things (results attached):
• AdwCleaner (1+2)
• Spybot
• Malwarebytes
• CCleaner
• ESET
• Secunia PSI
• avast! (which, however, hung several times for the same reason)

Malwarebytes found "Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\andrea~1\dxsxrr.exe -> Keine Aktion durchgeführt".

One symptom (maybe it is one, maybe not): when the computer starts, the following window opens on the desktop: Explorer.EXE (EXE in capitals) with a yellow warning triangle but no text (see attachment). If I don't close this window, the sidebar doesn't start. Otherwise I haven't noticed any further activity.

Now I don't know what to do next and don't want to make matters worse by tinkering, so I'm asking for your help here. Setting up my computer completely from scratch would be extremely labour-intensive.
The explorer.exe window is still there …
I have now also done what someone seeking help is supposed to do (OTL and Gmer). OTL didn't give me the Extra.txt file on the quick scan; the attached one is from my full scan this afternoon.
I have replaced my real name with MEINNAME and the computer name with MEINRECHNER.
Many heartfelt thanks in advance for any help!

The helpless ansuno




Code:
OTL logfile created on: 10.04.2013 20:02:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MEINNAME\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 74,61% Memory free
8,90 Gb Paging File | 7,07 Gb Available in Paging File | 79,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 53,05 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
 
Computer Name: MEINRECHNER | User Name: MEINNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe
PRC - [2013.04.10 13:22:52 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Update\realsched.exe
PRC - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.02.20 03:21:43 | 000,896,512 | ---- | M] () -- C:\Users\MEINNAME\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.25 18:45:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.02.25 18:43:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013.02.25 18:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.02.25 18:43:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.02.25 18:43:34 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.02.25 18:43:31 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.20 03:21:43 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\MEINNAME\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.22 21:53:59 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.20 20:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.02.09 10:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.22 22:01:22 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130409.021\ex64.sys -- (NAVEX15)
DRV - [2013.02.22 22:01:21 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130409.021\eng64.sys -- (NAVENG)
DRV - [2013.02.21 17:50:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130406.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2003.07.03 17:53:26 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbccgp.sys -- (usbccgp)
DRV - [2003.07.03 17:52:58 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2003.07.03 17:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2003.07.03 17:51:16 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbohci.sys -- (usbohci)
DRV - [2003.07.03 17:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 57 CA 49 DB 0E CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{08E831E0-63F4-4C5D-A912-63AE5B429055}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{696E239D-21FC-4DEF-8735-883C752844CC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{7B50B11E-A19B-4362-BDC8-2D4ABFD36BBC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8266E361-AF9E-46E1-99CB-7B881846ACB5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4C4172E-71F5-4F42-803A-6F83F3D2B70B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D9750635-1F05-462A-95D8-ABB260077148}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.parfumo.de/"
FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:7.3346.273.222
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\MEINNAME\AppData\Roaming\Helper [2013.02.20 03:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.22 21:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.10 16:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.10 19:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\components [2013.04.10 08:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.17 14:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Extensions
[2013.04.10 17:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions
[2013.04.10 08:37:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.05 23:38:36 | 001,190,001 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\readable@evernote.com.xpi
[2013.02.17 14:20:42 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.03 07:36:04 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.17 14:20:42 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.04.03 07:34:35 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.17 14:20:42 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2013.02.17 14:17:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 03:38:29 | 000,002,080 | ---- | M] () -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\searchplugins\7c9dbe2c-3ee2-46de-bf3e-380666a439a5.xml
[2013.04.10 13:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 16:52:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013.02.22 21:54:05 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2013.04.10 19:24:23 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
F3:64bit: - HKCU WinNT: Load - (c:\users\andrea~1\dxsxrr.exe) -  File not found
F3 - HKCU WinNT: Load - (c:\users\andrea~1\dxsxrr.exe) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A964C56F-DAD2-4CFC-A2AF-13162601EC96}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.10 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.10 17:47:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.10 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.10 16:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe
[2013.04.10 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.10 13:57:06 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Malwarebytes
[2013.04.10 13:56:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Programs
[2013.04.10 13:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\RealNetworks
[2013.04.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\templates
[2013.04.10 13:23:13 | 000,045,184 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2013.04.10 13:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Filters
[2013.04.10 13:23:01 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.04.10 13:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Producer
[2013.04.10 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\library
[2013.04.10 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Secunia PSI
[2013.04.10 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.04.09 16:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2013.04.09 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.04.08 10:19:00 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Die Einzelheiten Ihres Einkaufs
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Amazon MP3
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Amazon
[2013.04.06 18:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.06 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013.04.05 13:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labtec
[2013.04.05 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.04.05 13:32:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.05 13:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.04 14:45:46 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Outlook-Dateien
[2013.04.04 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\ORPALIS
[2013.04.04 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Downloaded Installations
[2013.04.02 19:16:31 | 000,000,000 | --SD | C] -- C:\Users\MEINNAME\Documents\Meine Shapes
[2013.04.01 16:24:38 | 000,000,000 | R--D | C] -- C:\Users\MEINNAME\Documents\Scanned Documents
[2013.04.01 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Fax
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Apple Computer
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Apple Computer
[2013.04.01 01:07:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Apple
[2013.04.01 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.31 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Skype
[2013.03.31 20:39:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.31 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.31 07:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.03.31 07:57:31 | 001,931,472 | ---- | C] (Irfan Skiljan) -- C:\Users\MEINNAME\Desktop\iview435g_setup.exe
[2013.03.31 07:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.03.30 08:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.30 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.30 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Google
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2013.03.17 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Geburtstage etc
[2013.03.14 11:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 11:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.27 22:19:28 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2013.02.27 22:19:28 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.02.27 22:19:28 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2013.02.27 22:19:28 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2013.02.27 22:19:27 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.02.27 22:19:27 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.02.27 22:19:27 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.02.27 22:19:27 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2013.02.27 22:19:27 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2013.02.27 22:19:27 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2013.02.27 22:19:27 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2013.02.27 22:19:27 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2013.02.27 22:19:27 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2013.02.27 22:19:27 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2013.02.27 22:19:27 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2013.02.27 22:19:26 | 003,303,936 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.02.27 22:19:26 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe
[2013.02.27 22:19:22 | 000,384,088 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe
[2013.02.27 22:19:22 | 000,355,416 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe
[2013.02.27 22:19:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2013.02.27 22:19:21 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe
[2013.02.27 22:19:21 | 000,136,784 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe
[2013.02.27 22:19:21 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.02.27 22:19:21 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2013.02.27 22:19:20 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2013.02.27 22:19:16 | 000,112,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2013.02.27 22:19:16 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll
[2013.02.27 22:19:16 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2013.02.27 22:19:16 | 000,071,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2013.02.27 22:19:16 | 000,030,816 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe
[2013.02.27 22:19:15 | 000,501,328 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2013.02.27 22:19:15 | 000,017,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2013.02.27 22:19:15 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2013.02.26 16:38:49 | 017,887,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2013.02.26 16:38:49 | 002,954,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2013.02.26 16:38:49 | 000,812,440 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2013.02.26 16:38:49 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2013.02.26 16:38:49 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2013.02.26 16:38:49 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2013.02.26 16:38:49 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2013.02.26 16:38:49 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2013.02.26 16:38:49 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2013.02.26 16:38:49 | 000,272,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2013.02.26 16:38:49 | 000,193,584 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2013.02.26 16:38:49 | 000,172,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2013.02.26 16:38:49 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2013.02.26 16:38:49 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2013.02.26 16:38:49 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2013.02.26 16:38:49 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2013.02.26 16:38:49 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2013.02.26 16:38:49 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2013.02.26 16:38:49 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2013.02.26 16:38:49 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2013.02.26 16:38:49 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2013.02.26 16:38:49 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2013.02.26 16:38:49 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2013.02.26 16:38:49 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2013.02.26 16:38:49 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2013.02.26 16:38:49 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2013.02.26 16:38:49 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2013.02.26 16:38:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2013.02.26 16:38:48 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2013.02.26 16:38:48 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2013.02.26 16:38:48 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2013.02.26 16:38:48 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2013.02.26 16:38:48 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2013.02.26 16:38:12 | 020,426,896 | ---- | C] (Mozilla) -- C:\Users\MEINNAME\Firefox Setup 19.0.exe
[2013.02.25 21:29:10 | 001,646,288 | ---- | C] (Irfan Skiljan) -- C:\Users\MEINNAME\iview435_setup.exe
[2013.02.22 21:46:38 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\MEINNAME\norton_360_setup.exe
[2013.02.21 20:34:55 | 001,356,599 | ---- | C] (Wondersoft                                                  ) -- C:\Users\MEINNAME\pdfwriter_setup.exe
[2013.02.21 02:51:33 | 006,325,760 | ---- | C] (TreeCardGames.com                                           ) -- C:\Users\MEINNAME\free_spider_solitaire2010_v21_setup.exe
[2013.02.20 03:24:04 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\8gadgetpacksetup-Downloader.exe
[2013.02.20 03:20:57 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\vlc-2.0.5-win64-Downloader.exe
[2013.02.19 22:58:20 | 006,020,336 | ---- | C] (1&1 Internet AG) -- C:\Program Files (x86)\EasyLogin_setup_DE.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 19:40:59 | 000,000,000 | ---- | M] () -- C:\Users\MEINNAME\defogger_reenable
[2013.04.10 19:35:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 19:31:54 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 19:31:54 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 19:31:54 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 19:31:54 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 19:31:54 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 19:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 19:25:34 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 19:24:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.10 19:24:57 | 2327,932,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 19:09:44 | 000,000,333 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2013.04.10 17:47:36 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe
[2013.04.10 16:50:24 | 000,000,324 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 16:46:48 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 13:57:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:35 | 000,421,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:25:16 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.10 13:23:15 | 000,139,264 | ---- | M] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.04.10 13:23:14 | 002,041,072 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.04.10 13:23:14 | 001,115,376 | ---- | M] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.04.10 13:23:14 | 000,943,344 | ---- | M] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.04.10 13:23:14 | 000,119,808 | ---- | M] () -- C:\Program Files\waiting.avi
[2013.04.10 13:23:14 | 000,027,278 | ---- | M] () -- C:\Program Files\frw.bmp
[2013.04.10 13:23:14 | 000,002,851 | ---- | M] () -- C:\Program Files\cdroms.cfg
[2013.04.10 13:23:13 | 003,303,936 | ---- | M] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.04.10 13:23:13 | 000,067,473 | ---- | M] () -- C:\Program Files\realplay.chm
[2013.04.10 13:23:13 | 000,057,762 | ---- | M] () -- C:\Program Files\howto.chm
[2013.04.10 13:23:13 | 000,016,296 | ---- | M] () -- C:\Program Files\realtfon.fon
[2013.04.10 13:23:13 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:23:02 | 000,476,724 | ---- | M] () -- C:\Program Files\converter.vs
[2013.04.10 13:23:01 | 000,390,384 | ---- | M] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:00 | 000,115,200 | ---- | M] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.04.10 13:23:00 | 000,045,428 | ---- | M] () -- C:\Program Files\sharemedia.vs
[2013.04.10 13:23:00 | 000,001,209 | ---- | M] () -- C:\Program Files\flvplay.swf
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\RealNetworks License.html
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\playrlic.html
[2013.04.10 13:22:58 | 001,109,362 | ---- | M] () -- C:\Program Files\normal.vs
[2013.04.10 13:22:58 | 000,061,495 | ---- | M] () -- C:\Program Files\ssimages.vs
[2013.04.10 13:22:58 | 000,000,480 | ---- | M] () -- C:\Program Files\keys.dat
[2013.04.10 13:22:55 | 000,001,161 | ---- | M] () -- C:\Program Files\autoplaylist.dat
[2013.04.10 13:22:55 | 000,000,043 | ---- | M] () -- C:\Program Files\strs23.dat
[2013.04.10 13:22:55 | 000,000,013 | ---- | M] () -- C:\Program Files\strs26.dat
[2013.04.10 13:22:53 | 000,427,405 | ---- | M] () -- C:\Program Files\calibrate.rv
[2013.04.10 13:22:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.04.10 13:22:53 | 000,017,846 | ---- | M] () -- C:\Program Files\videotest.rm
[2013.04.10 13:22:53 | 000,000,221 | ---- | M] () -- C:\Program Files\subscription.rnx
[2013.04.10 13:22:53 | 000,000,177 | ---- | M] () -- C:\Program Files\freeoffers.rnx
[2013.04.10 13:01:46 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 01:07:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | M] () -- C:\Users\MEINNAME\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | M] () -- C:\Users\MEINNAME\Desktop\IrfanView.lnk
[2013.03.31 07:57:34 | 001,931,472 | ---- | M] (Irfan Skiljan) -- C:\Users\MEINNAME\Desktop\iview435g_setup.exe
[2013.03.24 13:08:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.04.10 19:40:59 | 000,000,000 | ---- | C] () -- C:\Users\MEINNAME\defogger_reenable
[2013.04.10 17:47:36 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.10 17:47:36 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:46:48 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 14:35:11 | 000,000,324 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 13:56:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:32 | 000,421,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:23:13 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:01:46 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.10 13:01:46 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.04.01 01:07:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 01:07:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | C] () -- C:\Users\MEINNAME\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | C] () -- C:\Users\MEINNAME\Desktop\IrfanView.lnk
[2013.03.30 08:30:59 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 08:30:58 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.24 13:08:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.03.02 11:23:26 | 000,054,769 | ---- | C] () -- C:\Program Files\blocklist.xml
[2013.02.27 22:19:27 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi
[2013.02.27 22:19:27 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp
[2013.02.27 22:19:27 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon
[2013.02.27 22:19:27 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg
[2013.02.27 22:19:26 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm
[2013.02.27 22:19:26 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm
[2013.02.27 22:19:22 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs
[2013.02.27 22:19:21 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs
[2013.02.27 22:19:21 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html
[2013.02.27 22:19:19 | 001,109,362 | ---- | C] () -- C:\Program Files\normal.vs
[2013.02.27 22:19:19 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs
[2013.02.27 22:19:19 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat
[2013.02.27 22:19:16 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat
[2013.02.27 22:19:16 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat
[2013.02.27 22:19:16 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat
[2013.02.27 22:19:15 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv
[2013.02.27 22:19:15 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm
[2013.02.27 22:19:15 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx
[2013.02.27 22:19:15 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx
[2013.02.26 16:38:49 | 009,643,305 | ---- | C] () -- C:\Program Files\omni.ja
[2013.02.26 16:38:49 | 003,069,848 | ---- | C] () -- C:\Program Files\mozjs.dll
[2013.02.26 16:38:49 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files
[2013.02.26 16:38:49 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete
[2013.02.26 16:38:49 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2013.02.26 16:38:49 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2013.02.26 16:38:49 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2013.02.26 16:38:48 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2013.02.26 16:38:48 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2013.02.26 16:38:48 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini
[2013.02.26 16:38:48 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2013.02.21 14:33:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.20 03:21:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.02.20 03:04:46 | 009,539,515 | ---- | C] () -- C:\Program Files (x86)\Minianwendungen-fuer-Windows-8-DE-x64.zip
[2013.02.20 00:22:51 | 097,375,792 | ---- | C] () -- C:\Program Files (x86)\MM82-G-319.exe
[2013.02.19 22:04:17 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.31 06:22:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.31 06:22:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.07.29 03:20:07 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.02.20 00:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.20 00:16:02 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\1&1
[2013.04.06 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Amazon
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\IrfanView
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\MyPhoneExplorer
[2013.02.20 03:21:42 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Opera
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 20:27:18
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f SanDisk_SDSSDP128G rev.2.0.0 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\ugdoqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                                                                    fffff96000063d00 7 bytes [40, A9, 82, 01, 00, 51, F2]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                                                                                                                                fffff96000063d08 7 bytes [01, BA, C1, FF, 00, 58, DC]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[2624] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                                                                                                         000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                                                                                                         000007ff4bb01782 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                                                                                                                                                                                       000007ff433d1b32 4 bytes [3D, 43, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                                                                                                                                                                                       000007ff433d1b3a 4 bytes [3D, 43, FF, 07]
.text   C:\Windows\System32\igfxpers.exe[3856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                                                                                                000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\System32\igfxpers.exe[3856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                                                                                                000007ff4bb01782 4 bytes [B0, 4B, FF, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [476:3020]                                                                                                                                                                                                                                                                           fffff9600078d5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                                                                  -773498795

---- Files - GMER 2.1 ----

File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\25ihsq2lfizbndwhuavhp5dzz.js               4373 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\all.js                                     148543 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\n2chdrnc2i5zrj3qac552l2vr.js               16692 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\ngvgb3wfmmzyvkftzlyyj4xxt.js               16942 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\r32gctn0fu3vjkpge2mjhij3q.js               104294 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\rtm.js                                     7554 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\vxdx1ixzaq1ihlzdim0txtfb2.js               40860 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\xfaqvdsp124hnino3kp5t1klv.js               342077 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\all.js         148543 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\eBayISAPI.dll  11 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\rtm.js         19128 bytes

---- EOF - GMER 2.1 ----
         
Attached images: Backdoor-Trojaner Bublik.B, Worm Gamarue.I: PUM.UserWLoad entfernen etc.-explorerexe.jpg, Backdoor-Trojaner Bublik.B, Worm Gamarue.I: PUM.UserWLoad entfernen etc.-avast_haenger.jpg
Attached files
File type: txt Norton_Verlauf_THREAD.txt (70.2 KB, viewed 1097 times)
File type: txt MBAM-log-2013-04-10 (14-29-56)_THREAD.txt (2.2 KB, viewed 152 times)
File type: txt gmer_THREAD.txt (7.2 KB, viewed 193 times)
File type: txt CCleaner_THREAD.txt (4.9 KB, viewed 164 times)
File type: txt AdwCleaner[S2]_THREAD.txt (1.1 KB, viewed 151 times)
File type: txt AdwCleaner[S1]_THREAD.txt (4.1 KB, viewed 161 times)
File type: txt Extras_THREAD.Txt (62.1 KB, viewed 260 times)

Last edited by ansuno (10.04.2013 at 21:46)

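The "User code sections" part of the GMER log above lists places where the in-memory .text of a loaded module differs from the file on disk. Before treating each entry as an injected hook it helps to look at what the differing bytes actually are: a genuine inline hook starts with a detour (a jmp, or a mov of an absolute address into a register), whereas a pattern often seen in GMER output on 64-bit Windows is that the four "patched" bytes are simply bits 16..47 of the reported address, i.e. the middle of a pointer back into the same module rather than code. The three PSAPI/WSOCK32 lines in the log fit that pattern exactly ([B0, 4B, FF, 07] read little-endian is 0x07FF4BB0, which is 0x000007ff4bb0177a >> 16). The script below is an added example, not code from the thread and not part of GMER; it parses lines in the format quoted above and applies that check. The first three sample lines are copied from the posted log, the ws2_32.dll!send line is constructed to show what a jump-style patch looks like, and the list of hook prologue opcodes is an assumption about common detour styles, not an exhaustive one. Kernel-section lines (W32pServiceTable) are deliberately not handled.

```python
"""Triage helper for GMER "User code sections" lines (added example).

Each line reports a spot where a module's in-memory .text differs from
the file on disk. The script parses those lines and sorts the reported
byte patch into three buckets:
  pointer-like  the 4 bytes equal bits 16..47 of the reported address,
                i.e. they are the middle of a pointer into the same
                module rather than machine code
  jump          the patch starts like a detour (jmp rel32, jmp [rip+x],
                mov rax/r11, imm64); assumption: common hook prologues
  unknown       anything else; look at it by hand
"""
import re
from dataclasses import dataclass

# Line format assumed from the GMER 2.1 output quoted in the thread:
# .text  <process>[<pid>] <module>!<symbol> [+ <offset>]  <addr> <n> bytes [<hex>, ...]
GMER_USER_LINE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<symbol>\S+)\s*(?:\+\s*(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+(?P<count>\d+)\s+bytes\s+"
    r"\[(?P<bytes>[^\]]+)\]\s*$"
)

# Opcode prefixes that typically open an inline hook (assumption, not exhaustive):
# E9 = jmp rel32, FF 25 = jmp [rip+disp32], 48 B8 = mov rax, imm64, 49 BB = mov r11, imm64
JUMP_PREFIXES = (b"\xE9", b"\xFF\x25", b"\x48\xB8", b"\x49\xBB")


@dataclass
class HookReport:
    process: str
    pid: int
    module: str
    symbol: str
    offset: int
    address: int
    patch: bytes
    verdict: str


def classify(address: int, patch: bytes) -> str:
    """Decide whether a reported patch looks like pointer data, a detour, or neither."""
    # bits 16..47 of the patched address, compared with the patch read as a LE dword
    if len(patch) == 4 and int.from_bytes(patch, "little") == (address >> 16) & 0xFFFFFFFF:
        return "pointer-like"
    if any(patch.startswith(p) for p in JUMP_PREFIXES):
        return "jump"
    return "unknown"


def parse_gmer_user_hooks(text: str) -> list:
    """Parse every 'User code sections' line of a GMER log into HookReport objects."""
    reports = []
    for raw in text.splitlines():
        m = GMER_USER_LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, other GMER sections
        patch = bytes(int(h, 16) for h in m["bytes"].replace(" ", "").split(","))
        if len(patch) != int(m["count"]):
            continue  # malformed line: byte count and byte list disagree
        address = int(m["address"], 16)
        reports.append(HookReport(
            process=m["process"], pid=int(m["pid"]),
            module=m["module"], symbol=m["symbol"],
            offset=int(m["offset"] or 0), address=address,
            patch=patch, verdict=classify(address, patch),
        ))
    return reports


def summarize(text: str) -> dict:
    """Count verdicts so a long log can be skimmed at a glance."""
    counts = {"pointer-like": 0, "jump": 0, "unknown": 0}
    for r in parse_gmer_user_hooks(text):
        counts[r.verdict] += 1
    return counts


# The first three lines are copied from the GMER log posted in this thread;
# the ws2_32.dll!send line is constructed to show a jump-style patch.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[2624] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306   000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742   000007ff433d1b32 4 bytes [3D, 43, FF, 07]
.text   C:\Windows\System32\igfxpers.exe[3856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306   000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\ws2_32.dll!send   000007ff42a11000 5 bytes [E9, 2B, 5F, 6F, 00]
"""


if __name__ == "__main__":
    for r in parse_gmer_user_hooks(SAMPLE_LOG):
        print(f"{r.verdict:13} {r.process}[{r.pid}] {r.module}!{r.symbol}+{r.offset} "
              f"@ {r.address:016x} {r.patch.hex(' ')}")
    print(summarize(SAMPLE_LOG))
```

A "pointer-like" verdict is not proof that an entry is harmless; it only says the bytes are not a detour, so the right follow-up is to compare the same offsets on a known-clean machine with the same OS build rather than to assume injection. A "jump" verdict, on the other hand, deserves a look at where the branch target lies (inside a loaded module, or in unbacked memory).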
11.04.2013, 09:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor Trojan Bublik.B, Worm Gamarue.I: removing PUM.UserWLoad etc.

Hello and welcome

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you are asked to. Logs in attachments make the analysis harder for me!

  • The logs of the tools you were asked to run, e.g. Malwarebytes, must always be posted, whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder for my thread.
Annoying "When is it going to continue" messages will get your topic closed. I, too, have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in that folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current avast! virus definitions. Please answer Yes. (If your firewall asks, allow access to the internet)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe, configured as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, never choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents in your thread in any case.

11.04.2013, 12:07   #3
ansuno
 
Backdoor Trojan Bublik.B, Worm Gamarue.I: removing PUM.UserWLoad etc.


Hello Cosinus,

many thanks for your quick reply!

I have replaced my real name with *** and the computer name with ABC, I hope that's OK.

Here are the requested log files:

MBAR

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.193000 GHz
Memory total: 8278626304, free: 6610415616

------------ Kernel report ------------
     04/11/2013 11:52:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\viaide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80075ff060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xfffffa8006b5b7f0
Lower Device Driver Name: \Driver\storahci\
Driver name found: storahci
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.11.06
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075ffb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006b5b5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b5b7f0, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00fdbff00, 0xfffffa80075ff060, 0xfffffa8007151090
Lower DeviceData: 0xfffff8a00e0a3e70, 0xfffffa8006b5b7f0, 0xfffffa80078fe760
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B51F22E4

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 249348096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [PUM.UserWLoad]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
         

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.193000 GHz
Memory total: 8278626304, free: 6610415616

------------ Kernel report ------------
     04/11/2013 11:52:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\viaide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80075ff060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xfffffa8006b5b7f0
Lower Device Driver Name: \Driver\storahci\
Driver name found: storahci
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.11.06
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075ffb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006b5b5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b5b7f0, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00fdbff00, 0xfffffa80075ff060, 0xfffffa8007151090
Lower DeviceData: 0xfffff8a00e0a3e70, 0xfffffa8006b5b7f0, 0xfffffa80078fe760
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B51F22E4

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 249348096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [PUM.UserWLoad]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.193000 GHz
Memory total: 8278626304, free: 6656380928

------------ Kernel report ------------
     04/11/2013 12:04:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\viaide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80075ff060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xfffffa8006b5b7f0
Lower Device Driver Name: \Driver\storahci\
Device already Exists: 0xfffffa80078fe760
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075ffb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006b5b5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b5b7f0, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00374d860, 0xfffffa80075ff060, 0xfffffa8007151090
Lower DeviceData: 0xfffff8a01a3ddbe0, 0xfffffa8006b5b7f0, 0xfffffa80078fe760
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B51F22E4

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 249348096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Performing system, memory and registry scan...
Scan Interrupted
Done!
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.193000 GHz
Memory total: 8278626304, free: 6628667392

------------ Kernel report ------------
     04/11/2013 12:05:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\viaide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\SystemRoot\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\cdd.dll
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ENG64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSvia64.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800be34740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000005b\
Lower Device Object: 0xfffffa800ac24060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80075ff060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002f\
Lower Device Object: 0xfffffa8006b5b7f0
Lower Device Driver Name: \Driver\storahci\
Device already Exists: 0xfffffa80078fe760
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80075ffb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80075ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006b5b5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b5b7f0, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a017649390, 0xfffffa80075ff060, 0xfffffa8007151090
Lower DeviceData: 0xfffff8a00fdb02e0, 0xfffffa8006b5b7f0, 0xfffffa80078fe760
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B51F22E4

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 249348096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800be34740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800bea4570, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800be34740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800ac24060, DeviceName: \Device\0000005b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00dea26f0, 0xfffffa800be34740, 0xfffffa800c1ed090
Lower DeviceData: 0xfffff8a0194bd580, 0xfffffa800ac24060, 0xfffffa8007470620
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4EF27132

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953518017

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         
aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 12:14:09
-----------------------------
12:14:09.313    OS Version: Windows x64 6.2.9200 
12:14:09.313    Number of processors: 4 586 0x3A09
12:14:09.313    ComputerName: ABC  UserName: 
12:14:09.782    Initialize success
12:16:13.205    AVAST engine defs: 13041100
12:29:40.422    The log file has been saved successfully to "C:\Users\***\Documents\Work\Aktenmappe\Trojaner\aswMBR.txt"
         

TDSSKiller
-> too long for the post; I have attached it as a file.


I hope everything was done correctly and am now waiting for your reply. I have not restarted my computer yet, since MBAR did not ask for it.
BTW: do I have to scan all USB sticks? The external hard drive was connected and switched on during the tests.

Best regards,
ansuno

Alt 11.04.2013, 12:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You posted the wrong MBAR logs; please read the instructions more carefully and follow them.

Alt 11.04.2013, 13:02   #5
ansuno
 



Hello cosinus,

sorry, I have several reports; here they all are:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ABC [administrator]

11.04.2013 11:56:58
mbar-log-2013-04-11 (11-56-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29554
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: c:\users\andrea~1\dxsxrr.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ABC [administrator]

11.04.2013 12:04:55
mbar-log-2013-04-11 (12-04-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 22325
Time elapsed: 36 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ABC [administrator]

11.04.2013 12:08:13
mbar-log-2013-04-11 (12-08-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29530
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Is that right?

Regards, ansuno
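A read-only PowerShell check, added here as an example and not part of the thread or of any of the tools used in it, for the two registry persistence locations the logs in this thread flag: the per-user Windows\Load value (the PUM.UserWLoad detection in the MBAR log above) and AppInit_DLLs (the value the JRT log further down reports repairing). The key and value names are real Windows locations; the sample 8.3 path in the comment is the one from the MBAR log, and the report format is my own.

```powershell
# Added example, not part of the thread: a read-only check of the registry
# persistence locations flagged in this thread's logs. It changes nothing.
# Run it in an elevated PowerShell on the machine being examined.

$checks = @(
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'Load';         Note = 'per-user Load value (PUM.UserWLoad in the MBAR log); normally absent' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'Run';          Note = 'legacy per-user Run value in the same key; normally absent' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'AppInit_DLLs'; Note = '64-bit AppInit_DLLs (the value JRT repaired); normally empty'; Split = $true },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'AppInit_DLLs'; Note = '32-bit AppInit_DLLs; normally empty'; Split = $true }
)

foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { [string]$item.($c.Name) } else { '' }

    if ([string]::IsNullOrWhiteSpace($value)) {
        Write-Output ("[OK]    {0}\{1} is not set" -f $c.Path, $c.Name)
        continue
    }

    Write-Output ("[CHECK] {0}\{1} = {2}" -f $c.Path, $c.Name, $value)
    Write-Output ("        {0}" -f $c.Note)

    # Load holds a single command line; AppInit_DLLs may list several DLLs
    # separated by spaces or commas, so only those entries are split.
    $entries = if ($c.Split) { $value -split '[,\s]+' | Where-Object { $_ } } else { ,$value }

    # Expand %VAR% references, strip quotes, and see whether each target still
    # exists. In the MBAR log above the Load value is the 8.3 path
    # c:\users\andrea~1\dxsxrr.exe; Test-Path resolves 8.3 names like any other path.
    foreach ($entry in $entries) {
        $target = [Environment]::ExpandEnvironmentVariables($entry).Trim('"')
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            $file = Get-Item -LiteralPath $target
            $sig  = Get-AuthenticodeSignature -FilePath $target
            Write-Output ("        present: {0} ({1} bytes, modified {2}, signature: {3})" -f $file.FullName, $file.Length, $file.LastWriteTime, $sig.Status)
        } else {
            Write-Output ("        missing: {0} (the file is gone, but the registry entry itself still needs removing)" -f $target)
        }
    }
}
```

The HKCU entries are read from the hive of the account running the script, so run it as the affected user (an elevated prompt opened from a different admin account would check the wrong HKCU). The script only reports; removing an entry and its target file is a separate, deliberate step.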


Alt 11.04.2013, 13:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 11.04.2013, 13:36   #7
ansuno
 



Hello cosinus,

here are the logs:

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 x64
Ran by *** on 11.04.2013 at 14:13:18,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\invalidprefs.js
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:16:55,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

AdwCleaner

Code:
# AdwCleaner v2.200 - Datei am 11/04/2013 um 14:21:45 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : *** - ABC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\ANDREA~1\AppData\Local\Temp\OCS

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\naokmbcz.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [984 octets] - [10/04/2013 15:20:23]
AdwCleaner[R2].txt - [1043 octets] - [10/04/2013 15:20:41]
AdwCleaner[R3].txt - [1164 octets] - [10/04/2013 16:49:56]
AdwCleaner[S1].txt - [4288 octets] - [10/04/2013 14:32:30]
AdwCleaner[S2].txt - [1112 octets] - [10/04/2013 15:20:48]
AdwCleaner[S3].txt - [1233 octets] - [10/04/2013 16:50:12]
AdwCleaner[S4].txt - [335 octets] - [10/04/2013 16:52:28]
AdwCleaner[S5].txt - [1221 octets] - [11/04/2013 14:21:45]

########## EOF - C:\AdwCleaner[S5].txt - [1281 octets] ##########
         
OTL

Code:
OTL logfile created on: 11.04.2013 14:27:18 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 81,02% Memory free
8,90 Gb Paging File | 7,47 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 48,20 Gb Free Space | 40,54% Space Free | Partition Type: NTFS
Drive E: | 978,72 Mb Total Space | 224,55 Mb Free Space | 22,94% Space Free | Partition Type: FAT
Drive F: | 931,28 Gb Total Space | 722,16 Gb Free Space | 77,54% Space Free | Partition Type: FAT32
Drive G: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,39% Space Free | Partition Type: FAT32
 
Computer Name: ABC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AddonsHelper) -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys (Symantec Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbccgp) -- C:\Windows\SysWOW64\drivers\usbccgp.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\SysWOW64\drivers\usbohci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 57 CA 49 DB 0E CE 01  [binary data]
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{08E831E0-63F4-4C5D-A912-63AE5B429055}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{696E239D-21FC-4DEF-8735-883C752844CC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{7B50B11E-A19B-4362-BDC8-2D4ABFD36BBC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{8266E361-AF9E-46E1-99CB-7B881846ACB5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{C4C4172E-71F5-4F42-803A-6F83F3D2B70B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{D9750635-1F05-462A-95D8-ABB260077148}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.parfumo.de/"
FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:7.3346.273.222
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\***\AppData\Roaming\Helper [2013.02.20 03:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.22 21:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.10 16:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.10 19:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\components [2013.04.10 08:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.17 14:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.10 17:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.05 23:38:36 | 001,190,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\readable@evernote.com.xpi
[2013.02.17 14:20:42 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.03 07:36:04 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.17 14:20:42 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.04.03 07:34:35 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.17 14:20:42 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2013.02.17 14:17:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 03:38:29 | 000,002,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\searchplugins\7c9dbe2c-3ee2-46de-bf3e-380666a439a5.xml
[2013.04.10 13:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 16:52:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013.02.22 21:54:05 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2013.04.10 19:24:23 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001..\Run: [1&1 EasyLogin] C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A964C56F-DAD2-4CFC-A2AF-13162601EC96}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 14:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:13:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.11 14:13:01 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.11 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.11 12:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.04.11 12:36:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.11 12:12:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.11 11:50:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.01.0.1022
[2013.04.10 22:43:08 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.10 22:43:06 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.10 22:43:05 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.10 22:43:05 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.10 22:43:04 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 22:43:04 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.10 22:43:04 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.10 22:43:04 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.10 22:43:03 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 22:43:03 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.10 22:43:03 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.10 22:43:03 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.10 22:43:03 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.10 22:43:03 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.10 22:43:03 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.10 22:43:03 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.10 22:43:03 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.10 22:43:03 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.10 22:43:03 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.10 22:43:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.10 22:43:03 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.10 22:43:03 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.10 22:43:03 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.10 22:43:03 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.10 22:43:03 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.10 22:43:03 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.10 22:43:02 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.10 22:43:02 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.10 22:43:02 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.10 22:43:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.10 22:43:02 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.10 22:43:02 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.10 22:43:02 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.10 22:43:02 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.10 22:43:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.10 22:43:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.10 22:43:02 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.10 22:43:02 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.10 22:43:02 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.10 22:43:02 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.10 22:43:02 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.10 22:43:02 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.10 22:43:02 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.10 22:43:02 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.10 22:43:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.10 22:43:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.10 22:43:02 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.10 22:43:02 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.10 22:43:02 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.10 22:43:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.10 22:43:01 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.10 22:43:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.10 22:43:01 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.10 22:43:01 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.10 22:43:01 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.10 22:43:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.10 22:43:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.10 22:43:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.10 22:43:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.10 22:43:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.10 22:43:01 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.10 22:43:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.10 22:43:01 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.10 22:43:01 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.10 22:43:01 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.10 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.10 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.10 17:47:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.10 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.10 16:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.10 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.10 13:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.04.10 13:56:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.04.10 13:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealNetworks
[2013.04.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\templates
[2013.04.10 13:23:13 | 000,045,184 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2013.04.10 13:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Filters
[2013.04.10 13:23:01 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.04.10 13:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Producer
[2013.04.10 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\library
[2013.04.10 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.04.10 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.04.10 08:34:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 08:34:45 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.10 08:34:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 08:34:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 08:34:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 08:34:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 08:34:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 08:34:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 08:34:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 08:34:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 08:34:26 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 08:34:25 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.10 08:34:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.04.09 16:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2013.04.09 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.04.08 10:19:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Die Einzelheiten Ihres Einkaufs
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Amazon MP3
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon
[2013.04.06 18:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.06 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013.04.05 13:33:17 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2013.04.05 13:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labtec
[2013.04.05 13:33:03 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2013.04.05 13:33:03 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2013.04.05 13:33:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL
[2013.04.05 13:33:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ITA.DLL
[2013.04.05 13:33:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ESP.DLL
[2013.04.05 13:33:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ENU.DLL
[2013.04.05 13:33:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71KOR.DLL
[2013.04.05 13:33:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71JPN.DLL
[2013.04.05 13:33:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHT.DLL
[2013.04.05 13:33:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHS.DLL
[2013.04.05 13:33:02 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC48906.rra
[2013.04.05 13:33:02 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2013.04.05 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.04.05 13:32:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.05 13:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.04 14:45:46 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Outlook-Dateien
[2013.04.04 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ORPALIS
[2013.04.04 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2013.04.02 19:16:31 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Shapes
[2013.04.01 16:24:38 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2013.04.01 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.04.01 01:07:41 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.04.01 01:07:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2013.04.01 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.31 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2013.03.31 20:39:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.31 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.31 07:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.03.31 07:57:31 | 001,931,472 | ---- | C] (Irfan Skiljan) -- C:\Users\***\Desktop\iview435g_setup.exe
[2013.03.31 07:54:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.03.30 08:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.30 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.30 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2013.03.17 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Geburtstage etc
[2013.03.14 11:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 11:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 11:01:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.14 11:01:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.14 11:01:23 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.14 11:01:22 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.14 11:01:20 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.14 11:01:20 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.14 11:01:20 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.14 11:01:20 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.14 11:01:20 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.14 11:01:20 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.14 11:01:20 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.14 11:01:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.14 11:01:20 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.14 11:01:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.14 11:01:20 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.14 11:01:20 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.14 11:01:20 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.14 11:01:20 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.14 11:01:20 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.14 11:01:20 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.14 11:01:20 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.14 11:01:20 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.14 11:01:20 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.14 11:01:20 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.14 11:01:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.14 11:01:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.14 11:01:19 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.14 11:01:19 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.14 11:01:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.14 11:01:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.14 11:01:15 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.14 11:01:15 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.14 11:01:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.14 11:01:13 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.14 11:01:13 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.14 11:01:11 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.14 11:01:11 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.02.27 22:19:28 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2013.02.27 22:19:28 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.02.27 22:19:28 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2013.02.27 22:19:28 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2013.02.27 22:19:27 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.02.27 22:19:27 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.02.27 22:19:27 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.02.27 22:19:27 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2013.02.27 22:19:27 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2013.02.27 22:19:27 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2013.02.27 22:19:27 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2013.02.27 22:19:27 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2013.02.27 22:19:27 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2013.02.27 22:19:27 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2013.02.27 22:19:27 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2013.02.27 22:19:26 | 003,303,936 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.02.27 22:19:26 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe
[2013.02.27 22:19:22 | 000,384,088 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe
[2013.02.27 22:19:22 | 000,355,416 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe
[2013.02.27 22:19:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2013.02.27 22:19:21 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe
[2013.02.27 22:19:21 | 000,136,784 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe
[2013.02.27 22:19:21 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.02.27 22:19:21 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2013.02.27 22:19:20 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2013.02.27 22:19:16 | 000,112,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2013.02.27 22:19:16 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll
[2013.02.27 22:19:16 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2013.02.27 22:19:16 | 000,071,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2013.02.27 22:19:16 | 000,030,816 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe
[2013.02.27 22:19:15 | 000,501,328 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2013.02.27 22:19:15 | 000,017,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2013.02.27 22:19:15 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2013.02.26 16:38:49 | 017,887,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2013.02.26 16:38:49 | 002,954,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2013.02.26 16:38:49 | 000,812,440 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2013.02.26 16:38:49 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2013.02.26 16:38:49 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2013.02.26 16:38:49 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2013.02.26 16:38:49 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2013.02.26 16:38:49 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2013.02.26 16:38:49 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2013.02.26 16:38:49 | 000,272,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2013.02.26 16:38:49 | 000,193,584 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2013.02.26 16:38:49 | 000,172,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2013.02.26 16:38:49 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2013.02.26 16:38:49 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2013.02.26 16:38:49 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2013.02.26 16:38:49 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2013.02.26 16:38:49 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2013.02.26 16:38:49 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2013.02.26 16:38:49 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2013.02.26 16:38:49 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2013.02.26 16:38:49 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2013.02.26 16:38:49 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2013.02.26 16:38:49 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2013.02.26 16:38:49 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2013.02.26 16:38:49 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2013.02.26 16:38:49 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2013.02.26 16:38:49 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2013.02.26 16:38:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2013.02.26 16:38:48 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2013.02.26 16:38:48 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2013.02.26 16:38:48 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2013.02.26 16:38:48 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2013.02.26 16:38:48 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2013.02.26 16:38:12 | 020,426,896 | ---- | C] (Mozilla) -- C:\Users\***\Firefox Setup 19.0.exe
[2013.02.25 21:29:10 | 001,646,288 | ---- | C] (Irfan Skiljan) -- C:\Users\***\iview435_setup.exe
[2013.02.22 21:46:38 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\***\norton_360_setup.exe
[2013.02.21 20:34:55 | 001,356,599 | ---- | C] (Wondersoft) -- C:\Users\***\pdfwriter_setup.exe
[2013.02.21 02:51:33 | 006,325,760 | ---- | C] (TreeCardGames.com) -- C:\Users\***\free_spider_solitaire2010_v21_setup.exe
[2013.02.20 03:24:04 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\8gadgetpacksetup-Downloader.exe
[2013.02.20 03:20:57 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\vlc-2.0.5-win64-Downloader.exe
[2013.02.19 22:58:20 | 006,020,336 | ---- | C] (1&1 Internet AG) -- C:\Program Files (x86)\EasyLogin_setup_DE.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 14:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 14:22:59 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 14:22:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.11 14:22:23 | 2327,932,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 14:21:53 | 000,000,432 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.11 14:19:45 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.11 14:13:02 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.11 13:35:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 12:40:35 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 12:40:35 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 12:40:35 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 12:40:35 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 12:40:35 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 12:36:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.11 12:13:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.11 11:50:00 | 012,894,739 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip
[2013.04.11 09:50:36 | 000,000,333 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2013.04.10 19:58:48 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.10 19:40:59 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.10 17:47:36 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.10 16:46:48 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 13:57:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:35 | 000,421,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:25:16 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.10 13:23:15 | 000,370,176 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2013.04.10 13:23:15 | 000,139,264 | ---- | M] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.04.10 13:23:15 | 000,031,232 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2013.04.10 13:23:15 | 000,016,384 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2013.04.10 13:23:14 | 002,041,072 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.04.10 13:23:14 | 001,115,376 | ---- | M] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.04.10 13:23:14 | 000,943,344 | ---- | M] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.04.10 13:23:14 | 000,641,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2013.04.10 13:23:14 | 000,119,808 | ---- | M] () -- C:\Program Files\waiting.avi
[2013.04.10 13:23:14 | 000,073,216 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2013.04.10 13:23:14 | 000,056,320 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2013.04.10 13:23:14 | 000,048,640 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2013.04.10 13:23:14 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2013.04.10 13:23:14 | 000,044,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2013.04.10 13:23:14 | 000,027,278 | ---- | M] () -- C:\Program Files\frw.bmp
[2013.04.10 13:23:14 | 000,022,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2013.04.10 13:23:14 | 000,008,704 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2013.04.10 13:23:14 | 000,002,851 | ---- | M] () -- C:\Program Files\cdroms.cfg
[2013.04.10 13:23:13 | 003,303,936 | ---- | M] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.04.10 13:23:13 | 000,389,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe
[2013.04.10 13:23:13 | 000,067,473 | ---- | M] () -- C:\Program Files\realplay.chm
[2013.04.10 13:23:13 | 000,057,762 | ---- | M] () -- C:\Program Files\howto.chm
[2013.04.10 13:23:13 | 000,045,184 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2013.04.10 13:23:13 | 000,016,296 | ---- | M] () -- C:\Program Files\realtfon.fon
[2013.04.10 13:23:13 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:23:02 | 000,476,724 | ---- | M] () -- C:\Program Files\converter.vs
[2013.04.10 13:23:02 | 000,384,088 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe
[2013.04.10 13:23:02 | 000,355,416 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\convert.exe
[2013.04.10 13:23:01 | 000,390,384 | ---- | M] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2013.04.10 13:23:00 | 000,389,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe
[2013.04.10 13:23:00 | 000,136,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe
[2013.04.10 13:23:00 | 000,115,200 | ---- | M] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.04.10 13:23:00 | 000,069,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2013.04.10 13:23:00 | 000,045,428 | ---- | M] () -- C:\Program Files\sharemedia.vs
[2013.04.10 13:23:00 | 000,001,209 | ---- | M] () -- C:\Program Files\flvplay.swf
[2013.04.10 13:22:59 | 000,047,616 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\RealNetworks License.html
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\playrlic.html
[2013.04.10 13:22:58 | 001,109,362 | ---- | M] () -- C:\Program Files\normal.vs
[2013.04.10 13:22:58 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013.04.10 13:22:58 | 000,061,495 | ---- | M] () -- C:\Program Files\ssimages.vs
[2013.04.10 13:22:58 | 000,000,480 | ---- | M] () -- C:\Program Files\keys.dat
[2013.04.10 13:22:55 | 000,112,248 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2013.04.10 13:22:55 | 000,087,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll
[2013.04.10 13:22:55 | 000,086,016 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2013.04.10 13:22:55 | 000,071,280 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2013.04.10 13:22:55 | 000,030,816 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe
[2013.04.10 13:22:55 | 000,001,161 | ---- | M] () -- C:\Program Files\autoplaylist.dat
[2013.04.10 13:22:55 | 000,000,043 | ---- | M] () -- C:\Program Files\strs23.dat
[2013.04.10 13:22:55 | 000,000,013 | ---- | M] () -- C:\Program Files\strs26.dat
[2013.04.10 13:22:54 | 000,017,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2013.04.10 13:22:54 | 000,009,216 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2013.04.10 13:22:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013.04.10 13:22:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013.04.10 13:22:53 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2013.04.10 13:22:53 | 000,427,405 | ---- | M] () -- C:\Program Files\calibrate.rv
[2013.04.10 13:22:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.04.10 13:22:53 | 000,017,846 | ---- | M] () -- C:\Program Files\videotest.rm
[2013.04.10 13:22:53 | 000,000,221 | ---- | M] () -- C:\Program Files\subscription.rnx
[2013.04.10 13:22:53 | 000,000,177 | ---- | M] () -- C:\Program Files\freeoffers.rnx
[2013.04.10 13:01:46 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.01 01:07:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | M] () -- C:\Users\***\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | M] () -- C:\Users\***\Desktop\IrfanView.lnk
[2013.03.31 07:57:34 | 001,931,472 | ---- | M] (Irfan Skiljan) -- C:\Users\***\Desktop\iview435g_setup.exe
[2013.03.24 13:08:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.04.11 14:19:44 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.11 11:49:49 | 012,894,739 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip
[2013.04.10 22:43:01 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.04.10 19:58:48 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.04.10 19:40:59 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.10 17:47:36 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.10 17:47:36 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:46:48 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 14:35:11 | 000,000,432 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 13:56:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:32 | 000,421,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:23:13 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:01:46 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.10 13:01:46 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.04.01 01:07:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 01:07:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | C] () -- C:\Users\***\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | C] () -- C:\Users\***\Desktop\IrfanView.lnk
[2013.03.30 08:30:59 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 08:30:58 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.24 13:08:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.03.02 11:23:26 | 000,054,769 | ---- | C] () -- C:\Program Files\blocklist.xml
[2013.02.27 22:19:27 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi
[2013.02.27 22:19:27 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp
[2013.02.27 22:19:27 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon
[2013.02.27 22:19:27 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg
[2013.02.27 22:19:26 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm
[2013.02.27 22:19:26 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm
[2013.02.27 22:19:22 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs
[2013.02.27 22:19:21 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs
[2013.02.27 22:19:21 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html
[2013.02.27 22:19:19 | 001,109,362 | ---- | C] () -- C:\Program Files\normal.vs
[2013.02.27 22:19:19 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs
[2013.02.27 22:19:19 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat
[2013.02.27 22:19:16 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat
[2013.02.27 22:19:16 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat
[2013.02.27 22:19:16 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat
[2013.02.27 22:19:15 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv
[2013.02.27 22:19:15 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm
[2013.02.27 22:19:15 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx
[2013.02.27 22:19:15 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx
[2013.02.26 16:38:49 | 009,643,305 | ---- | C] () -- C:\Program Files\omni.ja
[2013.02.26 16:38:49 | 003,069,848 | ---- | C] () -- C:\Program Files\mozjs.dll
[2013.02.26 16:38:49 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files
[2013.02.26 16:38:49 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete
[2013.02.26 16:38:49 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2013.02.26 16:38:49 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2013.02.26 16:38:49 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2013.02.26 16:38:48 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2013.02.26 16:38:48 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2013.02.26 16:38:48 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini
[2013.02.26 16:38:48 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2013.02.21 14:33:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.20 03:21:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.02.20 03:04:46 | 009,539,515 | ---- | C] () -- C:\Program Files (x86)\Minianwendungen-fuer-Windows-8-DE-x64.zip
[2013.02.20 00:22:51 | 097,375,792 | ---- | C] () -- C:\Program Files (x86)\MM82-G-319.exe
[2013.02.19 22:04:17 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.31 06:22:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.31 06:22:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.07.29 03:20:07 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.02.20 00:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
The OTL logs are attached as files.


Regards, ansuno

Last edited by ansuno (11.04.2013 at 13:44)

11.04.2013, 13:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; please remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

11.04.2013, 21:09   #9
ansuno

Hello cosinus,

here are the logs; a bit late, because I had to go to work and ESET took longer.

MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ABC [administrator]

11.04.2013 16:10:50
mbar-log-2013-04-11 (16-10-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29517
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cbf694134d8ab646a1e5788b972a4cc5
# engine=13597
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-11 05:12:41
# local_time=2013-04-11 07:12:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=3592 16777213 100 91 628252 116362857 0 0
# compatibility_mode=5893 16776574 100 94 2115685 6289460 0 0
# scanned=344602
# found=10
# cleaned=0
# scan_time=10497
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="C:\Users\***\Documents\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="C:\Users\***\Documents\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
sh=85579A5C403A69AF4C9AAA10689C054D2A662777 ft=1 fh=cbe7bc02f2e4e91b vn="Win32/Adware.1ClickDownload application" ac=I fn="C:\Users\***\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\Laufwerk D 111027\Lokaler Datenträger\$RECYCLE.BIN\S-1-5-21-1225226380-3579147282-3528913073-1000\$RBWV4DD.exe"
sh=85579A5C403A69AF4C9AAA10689C054D2A662777 ft=1 fh=cbe7bc02f2e4e91b vn="Win32/Adware.1ClickDownload application" ac=I fn="F:\Transfer PC\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\Transfer PC\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\Transfer PC\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
sh=85579A5C403A69AF4C9AAA10689C054D2A662777 ft=1 fh=cbe7bc02f2e4e91b vn="Win32/Adware.1ClickDownload application" ac=I fn="F:\FileHistory\***\ABC\Data\C\Users\***\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT (2013_03_03 19_48_25 UTC).exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\FileHistory\***\ABC\Data\C\Users\***\Documents\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32 (2013_03_03 19_48_25 UTC).exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\FileHistory\***\ABC\Data\C\Users\***\Documents\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32 (2013_03_03 19_48_25 UTC).exe"
         

Regards and good night ;-), ansuno

12.04.2013, 13:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You should run Malwarebytes Anti-Malware (MBAM), not MBAR.
Please do a quick scan with MBAM.

12.04.2013, 17:47   #11
ansuno

Oh, sorry, that's what happens when you try to squeeze something in while already halfway out the door

Code:
Internet Explorer 10.0.9200.16540
*** :: ABC [Administrator]

12.04.2013 18:41:21
mbam-log-2013-04-12 (18-41-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211181
Laufzeit: 1 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

13.04.2013, 12:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why don't you post the complete log?

13.04.2013, 13:06   #13
ansuno

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ABC [Administrator]

12.04.2013 18:41:21
mbam-log-2013-04-12 (18-41-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211181
Laufzeit: 1 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

13.04.2013, 15:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
"C:\Users\***\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT.exe"
"F:\Transfer PC\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT.exe"
"F:\FileHistory\***\ABC\Data\C\Users\***\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT (2013_03_03 19_48_25 UTC).exe"
         
What exactly is that supposed to be? An audiobook as an EXE file (a program)?


Code:
"C:\Users\***\Documents\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
"C:\Users\***\Documents\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
"F:\FileHistory\***\ABC\Data\C\Users\***\Documents\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32 (2013_03_03 19_48_25 UTC).exe"
"F:\FileHistory\***\ABC\Data\C\Users\***\Documents\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32 (2013_03_03 19_48_25 UTC).exe"
"F:\Transfer PC\Work\Akquise\Sem_TNU_TLF\Mimik_Körpersprache\FACS\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
"F:\Transfer PC\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
         
What is the VLC player setup doing in those directories?


Code:
"F:\Laufwerk D 111027\Lokaler Datenträger\$RECYCLE.BIN\S-1-5-21-1225226380-3579147282-3528913073-1000\$RBWV4DD.exe"
         
Some old crap in the Recycle Bin. You really should clean up your drive F
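The ESET log posted above can be sorted the way cosinus did by hand. The following is an added example, not code from the thread or from ESET's tooling: it parses the `# key=value` header lines and the `sh=`/`fn=` hit lines of log.txt, groups hits by SHA-1 so that one flagged file copied into several folders (working copy, transfer drive, File History backup) appears once with all of its locations, and checks that the scan ran in report-only mode (remove_checked=false, cleaned=0), meaning every hit is still on disk. The sample log is constructed from three of the thread's ten hits.

```python
"""Group ESET Online Scanner hits by file hash (added example, not ESET's code)."""
import re
from collections import defaultdict

# Hit lines are key=value pairs: vn= and fn= are double-quoted because they
# contain spaces; sh=, ft=, fh= and ac= are bare tokens.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample in the format of the thread's log.txt (header trimmed,
# three of the ten hits); hash, name and path values are as posted above.
SAMPLE_LOG = r"""
# end=finished
# remove_checked=false
# scanned=344602
# found=3
# cleaned=0
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="C:\Users\***\Documents\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
sh=85579A5C403A69AF4C9AAA10689C054D2A662777 ft=1 fh=cbe7bc02f2e4e91b vn="Win32/Adware.1ClickDownload application" ac=I fn="C:\Users\***\Music\Hörbücher\Rebecca_by_Daphne_du_Maurier_Unabdridged_Audiobook_mp3_SpT.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="a variant of Win32/Adware.ToolPlugin.A application" ac=I fn="F:\Transfer PC\Work\FACS_Theorie\Artikel etc\vlc-1.1.7-win32.exe"
"""


def parse_eset_log(text):
    """Return (header dict from the '# key=value' lines, list of hit dicts)."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            # findall yields '' for the alternative that did not match
            hits.append({k: q or b for k, q, b in _FIELD.findall(line)})
    return header, hits


def group_by_hash(hits):
    """Map SHA-1 -> {"name": detection name, "paths": sorted locations}.
    One flagged file copied to several folders shows up once, with all copies."""
    groups = defaultdict(lambda: {"name": "", "paths": []})
    for hit in hits:
        group = groups[hit["sh"]]
        group["name"] = hit.get("vn", "")
        group["paths"].append(hit.get("fn", ""))
    for group in groups.values():
        group["paths"].sort()
    return dict(groups)


def header_matches_hits(header, hits):
    """ESET's own 'found=' count should equal the number of hit lines parsed."""
    return header.get("found") == str(len(hits))


def scan_only_reported(header):
    """True when the scan ran in report-only mode (remove_checked=false,
    cleaned=0): every hit is still on disk and has to be dealt with by hand."""
    return header.get("remove_checked") == "false" and header.get("cleaned") == "0"


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print(f"{len(found)} hits, report-only scan: {scan_only_reported(hdr)}")
    for sha1, group in group_by_hash(found).items():
        print(f"{sha1}  {group['name']}")
        for path in group["paths"]:
            print(f"    {path}")
```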

13.04.2013, 17:33   #15
ansuno

Thanks for the tips, I'll clean up.

The trojan seems to be gone?!
