Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Fud Trojaner aufn Pc (https://www.trojaner-board.de/124344-fud-trojaner-aufn-pc.html)

sHaXi 19.09.2012 17:15
Fud Trojaner aufn Pc
 
hallo an alle ich habe ein sehr großes problem ich habe ein virus aufn pc der kann alles mit mir machen der schreibt soga mit mir der hacker oda virus auf jeden fall möchte ich nicht mein pc formatieren gibs ne lösung denn virus zu entfernen der sagt der hat denn gecryptet und der fud ist er hat mich jetzt für immer auf sein pc sagt er bitte um hilfe :heulen::heulen:

cosinus 19.09.2012 20:36
Zitat:
ich habe ein virus aufn pc
Was soll man mit so einem Posting anfangen? :balla:
Soll unsere Glaskugel erraten was auf deinem PC schlummert oder machst du dir mal die Mühe die Funde und alle anderen notwendigen Angaben zu posten?!

http://www.trojaner-board.de/images/icons/icon4.gif Bitte beachten http://www.trojaner-board.de/images/icons/icon4.gif => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

sHaXi 19.09.2012 21:34
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:30, on 19.09.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\EslWire\inGame32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.95\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.203\deploy\LolClient.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\sHaXx\Downloads\HiJackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: icqBHO - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\sHaXx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C94143684EBDCB38A44E45CF67FD0DC] "C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11846 bytes
--- --- ---

cosinus 20.09.2012 10:26
AUman ich poste extra was du machen sollst und was du nicht machen sollst und trotzdem kommt ein Hijackthis-Log :headbang: :stirn: :mad:

Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc

sHaXi 20.09.2012 15:05
tut mir leid bin nur so fertig es nervt :-( ich lade dir gleich otl log hoch sry noch ma

OTL Logfile:
Code:
OTL logfile created on: 20.09.2012 16:02:18 - Run 2
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\sHaXx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 28,03% Memory free
12,00 Gb Paging File | 6,28 Gb Available in Paging File | 52,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,16 Gb Total Space | 1054,45 Gb Free Space | 75,47% Space Free | Partition Type: NTFS
 
Computer Name: SHAXX-PC | User Name: sHaXx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\sHaXx\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\EslWire\inGame32.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\EslWire\NocIPC32.dll ()
MOD - C:\Programme\EslWire\inGame32.exe ()
MOD - C:\Programme\EslWire\inGame32.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
MOD - C:\Users\sHaXx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\105f615826ef408381c06be8ab5384cc\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SearchAnonymizer) -- C:\Users\sHaXx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (ssudobex) -- C:\Windows\SysNative\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ValFltr) -- C:\Windows\SysNative\drivers\ValoFltr.sys (ROCCAT Development, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8BE30047-DDB1-4C02-965D-D3A2DE911D4F}
IE - HKCU\..\SearchScopes\{03770B97-9285-4E4C-AD37-1CD3268F4D25}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6371646526733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=a670a23700000000000000ff01000001
IE - HKCU\..\SearchScopes\{3AC81621-89B3-474C-8C51-425CF7210F4F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{4405782A-DE5A-47B6-8961-68D5014B9F8D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8BE30047-DDB1-4C02-965D-D3A2DE911D4F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{C6B171EF-34E7-4277-BBC9-AD80924B689E}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DD97C082-0728-4EFE-A2B8-5DD2E38329A9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F8F664D5-3694-4C99-98A7-05C41A33884F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.29 16:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 16:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 07:18:11 | 000,000,000 | ---D | M]
 
[2011.12.29 17:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\Extensions
[2012.09.12 06:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions
[2012.07.25 20:06:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.07 18:15:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 06:30:41 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.07.27 09:03:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.17 08:04:48 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-1.xml
[2012.08.19 21:48:50 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-2.xml
[2012.07.19 01:28:47 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-3.xml
[2012.04.25 16:28:53 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-4.xml
[2012.06.06 18:18:50 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-5.xml
[2012.06.17 00:26:11 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-6.xml
[2012.08.26 22:49:45 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-7.xml
[2012.09.08 08:10:58 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-8.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin.xml
[2012.09.08 07:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.15 16:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.07.30 19:19:27 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012.09.15 16:14:08 | 000,260,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.15 11:30:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.05 22:59:09 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.15 11:30:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.15 11:30:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.29 17:07:04 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.08.15 11:30:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.15 11:30:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.15 11:30:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: ICQ.com Suche
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - homepage: ICQ.com Suche
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Facemoods = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\
CHR - Extension: Facemoods = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\sHaXx\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC43A16D-8A88-4F40-AC22-F0DDB3DEEC01}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\gest.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gest.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{065437ed-3323-11e1-8be5-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{065437ed-3323-11e1-8be5-00ff01000001}\Shell\AutoRun\command - "" = E:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\{352d2204-2f51-11e1-89da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{352d2204-2f51-11e1-89da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 17:37:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.19 17:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.19 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Simply Super Software
[2012.09.19 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Simply Super Software
[2012.09.19 16:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.09.19 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.09.19 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.09.18 20:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer
[2012.09.18 20:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2012.09.18 19:38:13 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Dögel_IT-Management
[2012.09.18 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (4)
[2012.09.18 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Dögel_GmbH
[2012.09.18 19:22:23 | 000,000,000 | ---D | C] -- C:\Capture
[2012.09.18 19:21:10 | 020,789,760 | ---- | C] (Dögel GmbH) -- C:\Users\sHaXx\Documents\Evalaze_Free_2.0.2.12.exe
[2012.09.18 18:16:10 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (3)
[2012.09.18 17:56:26 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.09.17 08:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012.09.17 08:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012.09.17 08:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012.09.13 14:39:07 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Process Hacker 2
[2012.09.10 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\TheMoonCrypter
[2012.09.08 07:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.06 16:46:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\[S.P.Y]
[2012.09.05 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\hacksss
[2012.09.03 21:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhrozenSoft
[2012.09.03 21:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Remover
[2012.09.03 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\DArkcomet
[2012.09.01 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crypter
[2012.09.01 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crypter
[2012.09.01 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Dialy Crypter
[2012.09.01 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\BLACKOUT CRYPTER
[2012.09.01 14:27:19 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Executable File Icons Changer
[2012.09.01 14:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExeIco
[2012.09.01 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sib Icon Extractor
[2012.09.01 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sib Icon Extractor
[2012.09.01 03:12:35 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.09.01 02:03:58 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Biggest Windows 7's icons pack created by NhatPG
[2012.09.01 00:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2012.09.01 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2012.09.01 00:42:18 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (2)
[2012.09.01 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Vitalwerks
[2012.08.31 23:34:09 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner
[2012.08.31 23:31:48 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2012.08.31 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2012.08.26 15:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.21 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\osiiiiii
[2012.08.21 18:09:01 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\devn
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 16:00:44 | 000,028,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 16:00:44 | 000,028,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 15:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 15:52:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 08:11:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065711958-1204936007-2722131100-1001UA.job
[2012.09.20 03:11:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065711958-1204936007-2722131100-1001Core.job
[2012.09.19 17:37:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.19 17:07:25 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.19 16:49:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.19 15:42:13 | 000,001,764 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.09.18 20:52:11 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk
[2012.09.18 18:51:20 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2012.09.18 18:44:38 | 015,356,774 | ---- | M] () -- C:\Users\sHaXx\Documents\DArkcomet.rar
[2012.09.18 18:22:52 | 000,000,003 | ---- | M] () -- C:\Users\Public\Documents\vaLNOR2
[2012.09.15 16:09:56 | 000,004,711 | ---- | M] () -- C:\Users\sHaXx\Documents\ipod2
[2012.09.15 16:08:30 | 000,000,218 | ---- | M] () -- C:\Users\sHaXx\Documents\ipodd
[2012.09.14 14:34:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.14 14:34:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.14 14:34:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.14 14:34:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.14 14:34:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.13 15:33:50 | 000,048,387 | ---- | M] () -- C:\Users\sHaXx\Documents\assy^^
[2012.09.13 09:37:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.12 23:30:24 | 000,006,568 | ---- | M] () -- C:\Users\sHaXx\Documents\looooooooooooooool
[2012.09.12 23:20:31 | 000,000,212 | ---- | M] () -- C:\Users\sHaXx\Documents\muahahahaa
[2012.09.09 21:10:39 | 000,007,277 | ---- | M] () -- C:\Users\sHaXx\Documents\Logs.dat
[2012.09.09 20:52:51 | 000,307,907 | ---- | M] () -- C:\Users\sHaXx\Documents\Cs.GOKeYs.rar
[2012.09.08 08:38:23 | 000,011,762 | ---- | M] () -- C:\Users\sHaXx\Documents\skgaming.rar
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 19:39:45 | 000,000,059 | ---- | M] () -- C:\Users\sHaXx\Documents\hehehee
[2012.09.05 21:18:55 | 000,000,145 | ---- | M] () -- C:\Users\sHaXx\Desktop\datas
[2012.09.05 00:00:22 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.09.04 23:06:02 | 000,002,453 | ---- | M] () -- C:\Users\sHaXx\Desktop\Google Chrome.lnk
[2012.09.04 10:12:44 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2012.09.03 05:15:49 | 000,149,932 | -H-- | M] () -- C:\Users\sHaXx\AppData\Roaming\sHaXxlog.dat
[2012.09.02 01:30:19 | 000,000,202 | ---- | M] () -- C:\Users\sHaXx\Desktop\War of the Immortals.url
[2012.09.02 00:23:31 | 000,000,219 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Source Beta.url
[2012.09.01 15:42:10 | 000,000,987 | ---- | M] () -- C:\Users\sHaXx\Desktop\Crypter.lnk
[2012.09.01 14:27:19 | 000,001,871 | ---- | M] () -- C:\Users\sHaXx\Desktop\Executable File Icons Changer.lnk
[2012.09.01 14:27:19 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\mseixml.sei
[2012.09.01 14:27:19 | 000,000,022 | ---- | M] () -- C:\Windows\mseixml.sei
[2012.09.01 14:27:19 | 000,000,002 | ---- | M] () -- C:\Users\sHaXx\Documents\eisavedicon.bmp
[2012.09.01 14:19:20 | 000,001,086 | ---- | M] () -- C:\Users\sHaXx\Desktop\Sib Icon Extractor.lnk
[2012.09.01 03:12:36 | 000,001,306 | ---- | M] () -- C:\Users\sHaXx\Desktop\Free YouTube Download.lnk
[2012.08.29 02:37:09 | 000,000,219 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive.url
[2012.08.29 02:37:09 | 000,000,216 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive - SDK.url
[2012.08.26 15:25:24 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 17:37:38 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.19 17:07:00 | 000,274,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.18 20:52:11 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk
[2012.09.18 18:51:20 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2012.09.18 18:44:34 | 015,356,774 | ---- | C] () -- C:\Users\sHaXx\Documents\DArkcomet.rar
[2012.09.18 18:42:27 | 000,000,003 | ---- | C] () -- C:\Users\Public\Documents\vaLNOR2
[2012.09.18 17:55:25 | 000,001,764 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.09.15 16:09:56 | 000,004,711 | ---- | C] () -- C:\Users\sHaXx\Documents\ipod2
[2012.09.15 16:08:30 | 000,000,218 | ---- | C] () -- C:\Users\sHaXx\Documents\ipodd
[2012.09.13 15:33:50 | 000,048,387 | ---- | C] () -- C:\Users\sHaXx\Documents\assy^^
[2012.09.12 23:30:24 | 000,006,568 | ---- | C] () -- C:\Users\sHaXx\Documents\looooooooooooooool
[2012.09.12 23:20:31 | 000,000,212 | ---- | C] () -- C:\Users\sHaXx\Documents\muahahahaa
[2012.09.09 20:52:51 | 000,307,907 | ---- | C] () -- C:\Users\sHaXx\Documents\Cs.GOKeYs.rar
[2012.09.08 08:38:22 | 000,011,762 | ---- | C] () -- C:\Users\sHaXx\Documents\skgaming.rar
[2012.09.06 19:39:45 | 000,000,059 | ---- | C] () -- C:\Users\sHaXx\Documents\hehehee
[2012.09.05 21:18:55 | 000,000,145 | ---- | C] () -- C:\Users\sHaXx\Desktop\datas
[2012.09.04 01:59:03 | 000,007,277 | ---- | C] () -- C:\Users\sHaXx\Documents\Logs.dat
[2012.09.02 01:30:19 | 000,000,202 | ---- | C] () -- C:\Users\sHaXx\Desktop\War of the Immortals.url
[2012.09.02 00:23:31 | 000,000,219 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Source Beta.url
[2012.09.01 15:42:10 | 000,000,987 | ---- | C] () -- C:\Users\sHaXx\Desktop\Crypter.lnk
[2012.09.01 14:27:19 | 000,001,871 | ---- | C] () -- C:\Users\sHaXx\Desktop\Executable File Icons Changer.lnk
[2012.09.01 14:27:19 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\mseixml.sei
[2012.09.01 14:27:19 | 000,000,022 | ---- | C] () -- C:\Windows\mseixml.sei
[2012.09.01 14:27:19 | 000,000,002 | ---- | C] () -- C:\Users\sHaXx\Documents\eisavedicon.bmp
[2012.09.01 14:19:20 | 000,001,086 | ---- | C] () -- C:\Users\sHaXx\Desktop\Sib Icon Extractor.lnk
[2012.08.29 02:37:09 | 000,000,219 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive.url
[2012.08.29 02:37:09 | 000,000,216 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive - SDK.url
[2012.08.26 15:25:24 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.26 15:25:24 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.09 00:28:52 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.09 00:28:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.09 00:28:45 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\PBSVC.EXE
[2012.07.03 23:05:56 | 001,277,976 | ---- | C] () -- C:\Program Files (x86)\fotoflo.jpg
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.14 19:04:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.26 21:03:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.12.26 21:03:22 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.12.26 20:17:26 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.12.26 18:41:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.26 01:55:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2006.01.29 20:15:38 | 000,149,932 | -H-- | C] () -- C:\Users\sHaXx\AppData\Roaming\sHaXxlog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.03.05 22:59:08 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Babylon
[2011.12.29 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DesktopIconForAmazon
[2012.09.01 03:12:40 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DVDVideoSoft
[2012.09.01 03:12:37 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.05 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\FileZilla
[2012.03.12 09:52:55 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\HLSW
[2012.09.01 04:04:46 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\ICQ
[2012.02.22 11:24:57 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Leadertech
[2012.02.24 02:11:35 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\LolClient
[2012.06.17 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\LolClient2
[2012.08.14 12:55:43 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Motorola
[2012.08.14 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Motorola Mobility
[2011.12.29 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\OCS
[2011.12.29 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Opera
[2012.09.13 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Process Hacker 2
[2012.04.23 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Publish Providers
[2012.06.30 01:58:06 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Samsung
[2012.06.03 04:11:00 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Screaming Bee
[2012.09.19 16:05:46 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Simply Super Software
[2012.04.23 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Sony
[2012.04.22 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TeamViewer
[2012.02.18 01:02:34 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Teeworlds
[2012.09.19 16:52:00 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TS3Client
[2012.01.18 10:28:36 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TuneUp Software
[2012.07.09 01:12:42 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Ubisoft
[2012.08.12 12:42:25 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Youtube Downloader HD
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

cosinus 20.09.2012 16:04
Du hast ja auch Malwarebytes installiert!
Davon möchte ich auch alle Logs sehen!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

sHaXi 20.09.2012 16:28
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
sHaXx :: SHAXX-PC [Administrator]

Schutz: Deaktiviert

19.09.2012 17:03:52
mbam-log-2012-09-19 (17-03-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197670
Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

alwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.19.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
sHaXx :: SHAXX-PC [Administrator]

Schutz: Aktiviert

20.09.2012 17:40:37
mbam-log-2012-09-20 (17-42-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 198122
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Keine Aktion durchgeführt.

(Ende)
sry das ist der richtige er bekommt denn virus immer und immer wieder

cosinus 20.09.2012 20:12
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:15 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131