Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe

Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe


Plagegeister aller Art und deren Bekämpfung: Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.10.2011, 11:48   #1
viper2k
 
Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe - Standard

Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe


Hallo zusammen,

bei meinen Prozessen im Task-Manager taucht eine 7SDX33Y5VV.exe auf. Dieser Prozess kann nicht geschlossen werden. Die Datei befindet sich in: C:\Users\<user>\AppData\Local\Temp\
Die Datei hat den Originalnamen "ebook.exe" und ist laut den Datei-Eigenschaften ein Adobe Acrobat Dokument.
Virenscanner (Shophos Antivir) schlägt nicht Alarm.


OTL.txt

Code:
ATTFilter
OTL logfile created on: 06.10.2011 12:30:18 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\admin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,28% Memory free
15,96 Gb Paging File | 14,14 Gb Available in Paging File | 88,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 44,43 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 359,00 Gb Free Space | 77,08% Space Free | Partition Type: NTFS
Drive E: | 1397,26 Gb Total Space | 588,92 Gb Free Space | 42,15% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 558,50 Gb Free Space | 59,96% Space Free | Partition Type: NTFS
Drive X: | 931,51 Gb Total Space | 333,44 Gb Free Space | 35,80% Space Free | Partition Type: NTFS
Drive Z: | 1863,01 Gb Total Space | 1156,51 Gb Free Space | 62,08% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.06 12:01:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2011.10.05 17:45:56 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.05 17:44:35 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.09.05 19:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.09.02 22:57:32 | 004,220,416 | ---- | M] (4 MB) -- C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe
PRC - [2011.08.23 09:35:19 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011.08.23 09:34:56 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011.08.23 09:33:40 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.08.05 20:14:10 | 000,745,600 | ---- | M] (CM & V) -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe
PRC - [2011.08.04 19:13:40 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.22 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.05 19:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.30 12:26:04 | 000,559,320 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.10.05 17:45:56 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.05 17:44:35 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.08.23 09:34:56 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011.08.23 09:33:40 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.08.05 20:14:10 | 000,745,600 | ---- | M] (CM & V) [Auto | Running] -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe -- (DVBVRecorder)
SRV - [2011.06.25 02:14:12 | 000,550,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.30 00:17:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.05 17:45:24 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011.08.23 09:32:12 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.06 21:29:29 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.04 20:09:30 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.08.04 19:13:40 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.08.04 17:50:34 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2011.08.04 17:50:34 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2011.08.04 17:50:33 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2011.08.04 17:50:33 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.17 11:53:28 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.30 12:26:06 | 001,222,360 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\BC5D.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.01.29 10:01:34 | 000,033,600 | ---- | M] (X-Rite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XrUsb64.sys -- (X-Rite)
DRV - [2011.08.05 22:49:56 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.23 10:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\NSHE.SYS -- (NSHE)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 65 15 C2 94 53 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/admin/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_498499c2.pac"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4001
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.share_proxy_settings: true
 
FF - user.js..network.proxy.backup.ftp: "127.0.0.1"
FF - user.js..network.proxy.backup.ftp_port: 4001
FF - user.js..network.proxy.backup.gopher: "127.0.0.1"
FF - user.js..network.proxy.backup.gopher_port: 4001
FF - user.js..network.proxy.backup.socks: "127.0.0.1"
FF - user.js..network.proxy.backup.socks_port: 4001
FF - user.js..network.proxy.backup.ssl: "127.0.0.1"
FF - user.js..network.proxy.backup.ssl_port: 4001
FF - user.js..network.proxy.ftp: "127.0.0.1"
FF - user.js..network.proxy.ftp_port: 4001
FF - user.js..network.proxy.gopher: "127.0.0.1"
FF - user.js..network.proxy.gopher_port: 4001
FF - user.js..network.proxy.share_proxy_settings: trueuser_pref("network.proxy.socks", "");
FF - user.js..network.proxy.socks_port: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.09.19 11:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.30 17:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 10:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.04 17:15:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2011.10.02 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions
[2011.09.27 09:09:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.19 19:05:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\cuknkzye.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.21 13:55:13 | 000,001,594 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\cuknkzye.default\searchplugins\wunschlistede.xml
[2011.08.05 18:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.05 18:55:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\{11483926-DB67-4190-91B1-EF20FCEC5F33}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CUKNKZYE.DEFAULT\EXTENSIONS\URL-TOOLTIP@TIMOTHYTATE.NET.XPI
[2011.09.30 17:01:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.30 17:01:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 17:01:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 17:01:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 17:01:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 17:01:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 17:01:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.06 12:48:57 | 000,001,357 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\Topos\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [Adobe] C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O4 - HKCU..\Run: [DVBV Service Ctrl] C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (CM&V Hackbart)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Adobe = C:\Users\admin\AppData\Local\Temp\7SDX33Y5VV.exe (4 MB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC277A2D-3A31-4A16-A821-DC9BAF4433B0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cede23a1-c2cc-11e0-a835-f46d049d51e7}\Shell - "" = AutoRun
O33 - MountPoints2\{cede23a1-c2cc-11e0-a835-f46d049d51e7}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.06 12:01:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011.10.06 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\sar_15_sfx
[2011.10.05 19:40:44 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Neuer Ordner
[2011.10.05 17:45:23 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.04 14:37:16 | 000,000,000 | ---D | C] -- C:\Temp
[2011.10.04 14:08:13 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\golf3
[2011.09.30 23:51:52 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\FIFA 12
[2011.09.30 23:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa 12
[2011.09.23 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.09.18 20:43:58 | 000,000,000 | ---D | C] -- C:\AllSyncBackup
[2011.09.18 20:13:07 | 002,103,216 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v12.0.0.ocx
[2011.09.18 20:13:07 | 000,992,608 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\SysWow64\TList8.ocx
[2011.09.18 20:13:07 | 000,587,968 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2011.09.18 20:13:07 | 000,450,560 | ---- | C] (LogicNP Software (hxxp://www.ssware.com)) -- C:\Windows\SysWow64\fldrvw90.ocx
[2011.09.18 20:13:07 | 000,176,128 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalEdit.ocx
[2011.09.18 20:13:07 | 000,094,208 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtFrame.ocx
[2011.09.18 20:13:07 | 000,081,920 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSplitter.ocx
[2011.09.18 20:13:07 | 000,081,920 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtDateTimePicker2.ocx
[2011.09.18 20:13:07 | 000,073,728 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtScrollContainer.ocx
[2011.09.18 20:13:07 | 000,069,632 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtProgressBar2.ocx
[2011.09.18 20:13:07 | 000,049,152 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSpinTextbox.ocx
[2011.09.18 20:13:07 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.DLL
[2011.09.18 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllSync
[2011.09.18 20:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AllSync
[2011.09.18 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AllSync
[2011.09.15 12:23:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.09.14 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Youtube Downloader HD
[2011.09.12 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Sophos
[2011.09.12 15:25:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011.09.11 17:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dead Island
[2011.09.10 17:07:36 | 000,000,000 | R--D | C] -- C:\Users\admin\Virtual Machines
[2011.09.10 17:01:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2011.09.10 17:01:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2011.09.10 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2011.09.10 14:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.10 14:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.10 13:48:15 | 000,097,792 | ---- | C] (T0r0 2008) -- C:\Windows\SysWow64\drivers\NSHE.SYS
[2011.09.08 21:59:16 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Handling.cfg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.06 12:01:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011.10.06 12:00:17 | 000,000,168 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2011.10.06 12:00:01 | 000,050,477 | ---- | M] () -- C:\Users\admin\Desktop\Defogger.exe
[2011.10.06 11:07:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 11:07:13 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 11:04:36 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.06 11:04:35 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.06 11:04:35 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.06 11:04:35 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.06 11:04:35 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.06 11:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.06 09:41:11 | 000,002,032 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
[2011.10.05 19:09:30 | 000,908,706 | ---- | M] () -- C:\Users\admin\Desktop\Konzeptzeichnung_kleiner.pdf
[2011.10.05 18:36:54 | 000,088,063 | ---- | M] () -- C:\Users\admin\Desktop\Anschlussbelegung der Steckanschlüsse am Schalttafeleinsatz.pdf
[2011.10.05 18:36:14 | 000,204,168 | ---- | M] () -- C:\Users\admin\Desktop\Printing from Tmplt62.pdf
[2011.10.05 17:45:24 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.04 22:30:08 | 000,000,030 | ---- | M] () -- C:\Program Files (x86)\Exiferupdate.ini
[2011.10.04 13:53:37 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.30 23:48:06 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Fifa 12.lnk
[2011.09.28 09:32:57 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\TSDoctor.lnk
[2011.09.27 21:00:10 | 000,265,254 | ---- | M] () -- C:\Users\admin\Desktop\barclaycard.pdf
[2011.09.26 23:12:26 | 000,364,544 | ---- | M] () -- C:\Users\admin\Documents\Database1.accdb
[2011.09.26 22:42:11 | 000,001,456 | ---- | M] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.24 10:21:22 | 000,000,655 | ---- | M] () -- C:\Users\admin\Desktop\_STUDIUM - Verknüpfung.lnk
[2011.09.20 22:17:13 | 000,001,115 | ---- | M] () -- C:\Windows\PVAStrumento.ini
[2011.09.18 20:13:10 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\AllSync .lnk
[2011.09.18 12:00:54 | 000,012,468 | ---- | M] () -- C:\Users\admin\Desktop\OEVM3_16-09-2011.pdf
[2011.09.18 12:00:25 | 000,018,597 | ---- | M] () -- C:\Users\admin\Desktop\WVM5_16-09-2011.pdf
[2011.09.18 09:09:00 | 000,000,017 | ---- | M] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2011.09.18 03:05:53 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.14 11:05:17 | 000,001,070 | ---- | M] () -- C:\Users\admin\Desktop\mount.bat - Verknüpfung.lnk
[2011.09.13 10:01:11 | 000,001,079 | ---- | M] () -- C:\Users\admin\Desktop\ftprush.exe.lnk
[2011.09.13 10:01:00 | 000,001,027 | ---- | M] () -- C:\Users\admin\Desktop\mirc.exe.lnk
[2011.09.13 10:00:31 | 000,001,198 | ---- | M] () -- C:\Users\admin\Desktop\StaxRip.exe.lnk
[2011.09.10 19:10:11 | 000,000,874 | ---- | M] () -- C:\Users\admin\Desktop\Handbrake.lnk
[2011.09.10 01:11:30 | 018,913,121 | ---- | M] () -- C:\Users\admin\Desktop\_MG_2903.CR2
[2011.09.10 01:11:01 | 017,792,474 | ---- | M] () -- C:\Users\admin\Desktop\_MG_1093.CR2
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.06 12:00:17 | 000,000,168 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2011.10.06 12:00:01 | 000,050,477 | ---- | C] () -- C:\Users\admin\Desktop\Defogger.exe
[2011.10.05 19:07:17 | 000,908,706 | ---- | C] () -- C:\Users\admin\Desktop\Konzeptzeichnung_kleiner.pdf
[2011.10.01 13:44:44 | 000,204,168 | ---- | C] () -- C:\Users\admin\Desktop\Printing from Tmplt62.pdf
[2011.10.01 13:44:44 | 000,088,063 | ---- | C] () -- C:\Users\admin\Desktop\Anschlussbelegung der Steckanschlüsse am Schalttafeleinsatz.pdf
[2011.09.30 23:48:06 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa 12.lnk
[2011.09.30 23:48:06 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Fifa 12.lnk
[2011.09.27 21:00:10 | 000,265,254 | ---- | C] () -- C:\Users\admin\Desktop\barclaycard.pdf
[2011.09.26 22:40:09 | 000,001,456 | ---- | C] () -- C:\Users\admin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.09.26 15:40:45 | 000,364,544 | ---- | C] () -- C:\Users\admin\Documents\Database1.accdb
[2011.09.24 10:21:22 | 000,000,655 | ---- | C] () -- C:\Users\admin\Desktop\_STUDIUM - Verknüpfung.lnk
[2011.09.19 11:38:34 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011.09.19 11:38:34 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011.09.18 20:13:10 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\AllSync .lnk
[2011.09.18 20:13:07 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2011.09.18 12:00:54 | 000,012,468 | ---- | C] () -- C:\Users\admin\Desktop\OEVM3_16-09-2011.pdf
[2011.09.18 12:00:25 | 000,018,597 | ---- | C] () -- C:\Users\admin\Desktop\WVM5_16-09-2011.pdf
[2011.09.18 09:09:00 | 000,000,017 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2011.09.14 11:05:17 | 000,001,070 | ---- | C] () -- C:\Users\admin\Desktop\mount.bat - Verknüpfung.lnk
[2011.09.13 10:01:11 | 000,001,079 | ---- | C] () -- C:\Users\admin\Desktop\ftprush.exe.lnk
[2011.09.13 10:01:00 | 000,001,027 | ---- | C] () -- C:\Users\admin\Desktop\mirc.exe.lnk
[2011.09.13 10:00:31 | 000,001,198 | ---- | C] () -- C:\Users\admin\Desktop\StaxRip.exe.lnk
[2011.09.10 13:47:58 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.09.10 13:47:58 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.09.10 01:07:08 | 018,913,121 | ---- | C] () -- C:\Users\admin\Desktop\_MG_2903.CR2
[2011.09.10 01:06:47 | 017,792,474 | ---- | C] () -- C:\Users\admin\Desktop\_MG_1093.CR2
[2011.09.08 17:15:26 | 000,000,874 | ---- | C] () -- C:\Users\admin\Desktop\Handbrake.lnk
[2011.08.19 23:48:20 | 000,001,115 | ---- | C] () -- C:\Windows\PVAStrumento.ini
[2011.08.08 21:03:38 | 001,594,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.08 20:45:08 | 000,000,132 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.08 19:48:34 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\Exiferupdate.ini
[2011.08.07 19:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Units
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Manipulation
[2011.08.07 18:55:46 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Image Capture
[2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.07 18:55:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2011.08.07 18:55:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\LaserPrinter
[2011.08.06 18:40:12 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011.08.06 18:40:11 | 000,000,457 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.06 18:40:11 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.08.05 20:41:10 | 000,000,942 | ---- | C] () -- C:\Users\admin\AppData\Roaming\coreavc.ini
[2011.08.05 19:33:55 | 000,000,600 | ---- | C] () -- C:\Users\admin\AppData\Local\PUTTY.RND
[2011.08.05 18:52:46 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.05 18:52:46 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.08.05 14:38:40 | 000,003,952 | ---- | C] () -- C:\Users\admin\AppData\Roaming\iColorDisplay3.prefs
[2011.08.05 14:38:05 | 000,000,347 | -H-- | C] () -- C:\Users\admin\AppData\Roaming\iColorDisplay3.lic
[2011.08.04 20:58:44 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.04 18:59:00 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.08.04 16:38:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.04 16:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.30 00:17:10 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.21 23:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011.02.15 12:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.08.08 19:03:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ACD Systems
[2011.08.29 18:28:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.06 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2011.08.10 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Design Science
[2011.08.24 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImgBurn
[2011.08.30 00:06:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MAGIX
[2011.10.06 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NetSpeedMonitor
[2011.08.06 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nik Software
[2011.08.07 19:00:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nikon
[2011.08.05 18:28:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\QIP
[2011.08.10 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TeamViewer
[2011.08.04 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2011.08.27 14:27:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TrueCrypt
[2011.08.05 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\USBSafelyRemove
[2011.08.08 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Xi
[2011.09.15 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Youtube Downloader HD
[2009.07.14 07:08:49 | 000,017,766 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.04 14:14:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.18 20:43:58 | 000,000,000 | ---D | M] -- C:\AllSyncBackup
[2011.08.06 23:44:06 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.04 14:14:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.08 22:47:31 | 000,000,000 | ---D | M] -- C:\FameRing
[2011.08.04 16:44:12 | 000,000,000 | ---D | M] -- C:\Intel
[2011.08.05 21:27:42 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.10 16:39:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.30 23:46:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.23 15:01:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.04 14:14:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.04 14:14:24 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.06 12:25:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.04 14:37:16 | 000,000,000 | ---D | M] -- C:\Temp
[2011.08.04 14:14:26 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.23 15:00:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

 

Themen zu Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe
adobe, antivir, autorun, bho, codejock software, document, downloader, explorer, firefox, format, langs, logfile, microsoft, monitor, mozilla thunderbird, plug-in, port, programme, prozesse, realtek, registry, scan, software, systemprozess, task-manager, temp, usb, webcheck, windows, windows xp, winlogon.exe, youtube downloader


« Noch ein xxx.JPG.scr Virus/Trojaner via Facebook-Chat/ Win7 64bit startet nicht | Dropper.gen über Facebook-Link - kein Windows-Start »


Ähnliche Themen: Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe


  1. TR/Agent.7375 in C:\Users\HerrTest\AppData\Local\Temp\nscA085.tmp\temp\5FT.zip
    Log-Analyse und Auswertung - 18.10.2015 (13)
  2. C:\Users\User\AppData\Local\Temp\ljubZufuv Malware-Problem
    Log-Analyse und Auswertung - 07.09.2014 (6)
  3. gvu will svchost.exe unter C:\users\user\appdata\local\temp starten
    Log-Analyse und Auswertung - 16.01.2014 (13)
  4. C:\Users\****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (39)
  5. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (1)
  6. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  7. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 17.12.2012 (9)
  8. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  9. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  10. C:/Users/User/AppData/Local/Temp/er_00_0_l.exe
    Log-Analyse und Auswertung - 17.10.2012 (4)
  11. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden - GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (16)
  12. C:/Users/User/AppData/Local/Temp/i4jdel0.exe
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  13. Fehlermeldung:"Problem beim Starten von C:\Users\user\AppData\Local\Temp\ch810.exe"
    Log-Analyse und Auswertung - 14.05.2012 (27)
  14. C:\Users\***\AppData\Local\Temp!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (1)
  15. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  16. C:/Users/Appdata/Local/Temp/WAB.log
    Log-Analyse und Auswertung - 21.04.2011 (3)
  17. BDS/Bredavi.azd in C:\Users\****\AppData\Local\Temp\****.exe
    Plagegeister aller Art und deren Bekämpfung - 29.11.2009 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe - Hallo zusammen, bei meinen Prozessen im Task-Manager taucht eine 7SDX33Y5VV.exe auf. Dieser Prozess kann nicht geschlossen werden. Die Datei befindet sich in: C:\Users\<user>\AppData\Local\Temp\ Die Datei hat den Originalnamen "ebook.exe" und - Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe...
Archiv
Du betrachtest: Systemprozess in C:\Users\<user>\AppData\Local\Temp\7SDX33Y5VV.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131