Pests of all kinds and how to fight them: Sophos scan found Trojans and malware (Windows 7)
02.12.2011, 23:09 | #16
Hi, I think I've got it... Update Malwarebytes' Anti-Malware, then have the files checked and save the logs (they should be clean), then run OTL and go offline after starting OTL; offline (after the machine has rebooted), do a full scan with Malwarebytes' Anti-Malware... Then go back online and post the logs... (The little rascal is marked in bold)... Please check the following files: have the files checked online:
Code:
C:\Windows\system32\Macromed\Flash\NPSWF32.dll
C:\Programme\Mozilla Firefox\mozjs.dll
C:\Windows\System32\bcmwlrc.dll
OTL:
Code:
:OTL
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M]
[2011.11.28 20:40:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\VINCENZO\APPDATA\ROAMING\5051
() (No name found) -- C:\USERS\VINCENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SN3YRHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2011.11.28 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5051
[2011.11.27 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PDF24
[2011.11.25 21:46:12 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5050
[2011.11.24 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5049
[2011.11.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\xmldm
[2011.11.24 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\kock
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
chris
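As an added illustration (not code from the thread, from OTL or from Malwarebytes), the small triage pass below encodes the reasons the entries in the fix block above stand out: orphaned registry entries ("File not found" / "No CLSID value found"), a Firefox extension registered in the user hive that points into AppData\Roaming, numeric or short random folder names directly under AppData\Roaming, and several sibling folders created within seconds of each other. The sample lines are constructed to mirror this thread's log; the rule names and thresholds are my own.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the shapes OTL prints: the entries the helper put into the
# :OTL fix block above plus a few benign neighbours from the same log.
SAMPLE_OTL_LOG = r"""
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 [2011.11.28 20:40:45 | 000,000,000 | ---D | M]
[2011.11.28 20:40:45 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\VINCENZO\APPDATA\ROAMING\5051
[2011.11.12 18:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [] File not found
[2011.12.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2011.11.28 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5051
[2011.11.24 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\5049
[2011.11.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\xmldm
[2011.11.24 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\kock
"""

# "[date | size | attrs | C/M] (Company) -- path"; the company part is optional.
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\](?: \([^)]*\))? -- (?P<path>.+)$")
# "FF - HKEY_...\Extensions\\<id>: <folder> [date | ...]"
FF_EXT_ENTRY = re.compile(
    r"^FF - (?P<hive>HKEY_[A-Z_]+)\\software\\mozilla\\Firefox\\Extensions\\\\"
    r"(?P<ext_id>[^:]+): (?P<path>.+?) \[")
ODD_NAME = re.compile(r"^(\d+|[a-z]{3,5})$")          # e.g. 5051, xmldm, kock
ROAMING_CHILD = re.compile(r"\\appdata\\roaming\\([^\\]+)$")

@dataclass(frozen=True)
class Finding:
    rule: str
    subject: str   # path, or the raw line for orphan entries
    note: str

def _odd_roaming_dir(m):
    """Folder directly under AppData\\Roaming with a numeric or short random name."""
    child = ROAMING_CHILD.search(m["path"].lower())
    if "D" in m["attr"] and child and ODD_NAME.match(child.group(1)):
        return Finding("odd_roaming_dir", m["path"], "suspicious folder name under AppData\\Roaming")
    return None

def _creation_bursts(entries, window=timedelta(seconds=60)):
    """Sibling folders created within `window` of each other (one dropper, several dirs)."""
    by_parent = {}
    for m in entries:
        if m["kind"] == "C" and "D" in m["attr"]:
            parent = m["path"].lower().rpartition("\\")[0]
            ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
            by_parent.setdefault(parent, []).append((ts, m["path"]))
    hits = []
    for group in by_parent.values():
        group.sort()
        for (t0, p0), (t1, p1) in zip(group, group[1:]):
            if t1 - t0 <= window:
                hits += [Finding("creation_burst", p, "created within 60 s of a sibling folder")
                         for p in (p0, p1)]
    return list(dict.fromkeys(hits))   # de-duplicate, keep order

def triage(log_text):
    """Return one Finding per rule that fires on a line of `log_text`."""
    findings, file_entries = [], []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if "File not found" in line or "No CLSID value found" in line:
            findings.append(Finding("orphan", line, "registry entry whose target is gone (cleanup)"))
        ff = FF_EXT_ENTRY.match(line)
        if ff and "\\appdata\\roaming\\" in ff["path"].lower() and "\\mozilla\\" not in ff["path"].lower():
            findings.append(Finding("ff_ext_outside_profile", ff["path"],
                                    f"{ff['hive']} registers {ff['ext_id']} outside the Firefox profile"))
        fe = FILE_ENTRY.match(line)
        if fe:
            file_entries.append(fe)
            odd = _odd_roaming_dir(fe)
            if odd:
                findings.append(odd)
    return findings + _creation_bursts(file_entries)

def rules_for(needle, log_text=SAMPLE_OTL_LOG):
    """Rule names that fired on a subject containing `needle` (case-insensitive)."""
    return {f.rule for f in triage(log_text) if needle.lower() in f.subject.lower()}

def count_rule(rule, log_text=SAMPLE_OTL_LOG):
    return sum(1 for f in triage(log_text) if f.rule == rule)

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"{f.rule:24} {f.subject}  <- {f.note}")
```

The heuristics only rank entries for a human to look at; the HP extension, Sophos and Malwarebytes lines pass through untouched, while 5051, 5049, xmldm and kock come out with two rules each.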
03.12.2011, 16:45 | #17
Anti-Malware quick scan

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8297

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

03.12.2011 12:13:12
mbam-log-2011-12-03 (12-13-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168231
Laufzeit: 8 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
03.12.2011, 16:46 | #18
OTL after startup, offline

OTL Logfile:
Code:
C:\Windows\System32\NTS5CSET.INI [2010.06.15 16:16:35 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.14 16:54:23 | 000,000,096 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\fusioncache.dat [2009.12.24 22:11:33 | 000,005,120 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.24 21:34:53 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll [2009.12.24 20:19:39 | 000,181,013 | ---- | C] () -- C:\Windows\hpoins13.dat [2009.12.24 20:19:39 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat [2009.12.20 00:26:20 | 000,000,985 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009.12.19 23:50:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- 
C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 003,690,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > |
03.12.2011, 16:47 | #19 |
Anti-Malware full scan, offline

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8297
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

03.12.2011 16:24:03
mbam-log-2011-12-03 (16-24-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 730384
Laufzeit: 3 Stunde(n), 40 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
03.12.2011, 17:44 | #20 |
Sophos scan found Trojans and malware

C:\Windows\system32\Macromed\Flash\NPSWF32.dll

Antivirus  Version  Last Update  Result
AhnLab-V3  2011.12.03.00  2011.12.03  -
AntiVir  7.11.18.204  2011.12.02  -
Antiy-AVL  2.0.3.7  2011.12.03  -
Avast  6.0.1289.0  2011.12.03  -
AVG  10.0.0.1190  2011.12.03  -
BitDefender  7.2  2011.12.03  -
ByteHero  1.0.0.1  2011.11.29  -
CAT-QuickHeal  12.00  2011.12.03  -
ClamAV  0.97.3.0  2011.12.03  -
Commtouch  5.3.2.6  2011.12.03  -
Comodo  10827  2011.12.03  -
DrWeb  5.0.2.03300  2011.12.03  -
Emsisoft  5.1.0.11  2011.12.03  -
eSafe  7.0.17.0  2011.12.01  -
eTrust-Vet  37.0.9600  2011.12.02  -
F-Prot  4.6.5.141  2011.11.29  -
F-Secure  9.0.16440.0  2011.12.03  -
Fortinet  4.3.388.0  2011.12.03  -
GData  22.295/22.549  2011.12.03  -
Ikarus  T3.1.1.109.0  2011.12.03  -
Jiangmin  13.0.900  2011.12.03  -
K7AntiVirus  9.119.5589  2011.12.03  -
Kaspersky  9.0.0.837  2011.12.03  -
McAfee  5.400.0.1158  2011.12.03  -
McAfee-GW-Edition  2010.1D  2011.12.03  -
Microsoft  1.7903  2011.12.03  -
NOD32  6668  2011.12.01  -
Norman  6.07.13  2011.12.03  -
nProtect  2011-12-03.01  2011.12.03  -
Panda  10.0.3.5  2011.12.03  -
PCTools  8.0.0.5  2011.12.03  -
Prevx  3.0  2011.12.03  -
Rising  23.86.04.02  2011.12.02  -
Sophos  4.71.0  2011.12.03  -
SUPERAntiSpyware  4.40.0.1006  2011.12.03  -
Symantec  20111.2.0.82  2011.12.03  -
TheHacker  6.7.0.1.352  2011.12.01  -
TrendMicro  9.500.0.1008  2011.12.03  -
TrendMicro-HouseCall  9.500.0.1008  2011.12.03  -
VBA32  3.12.16.4  2011.12.03  -
VIPRE  11197  2011.12.03  -
ViRobot  2011.12.3.4807  2011.12.03  -
VirusBuster  14.1.97.0  2011.12.02  -

Additional information
MD5 : de3745a51b7ac7fedc356a83f76c8023
SHA1 : 7043c94cde62cec4fc5840121b7944463b227411
SHA256: d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb
ssdeep: 196608:hiNCwoC243SsEPRASaRqrOiF5bnm6SzEBgQpqxLmntSXuFhbsBOp8m:gcjC2FOSMiF5y 6Sz8tpqxLmntSXunp8m
File size : 8527008 bytes
First seen: 2011-11-10 22:18:34
Last seen : 2011-12-03 16:33:06

TrID:
Win32 EXE PECompact compressed (generic) (76.8%)
Win32 Executable Generic (15.7%)
Generic Win/DOS Executable (3.7%)
DOS Executable Generic (3.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Adobe Systems, Inc.
copyright....: Adobe® Flash® Player. Copyright (c) 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
product......: Shockwave Flash
description..: Shockwave Flash 11.1 r102
original name: npswf32.dll
internal name: Adobe Flash Player 11.1
file version.: 11,1,102,55
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x5B9DE1
timedatestamp....: 0x4EAF86CE (Tue Nov 01 05:42:38 2011)
machinetype......: 0x14c (I386)
[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x64DBF9, 0x64DC00, 6.85, b9eeac0cc6bed2b5f81f437e511cdca0
.rodata, 0x64F000, 0x10E0, 0x1200, 4.17, f9b675a1bd0fbf9eb19f171f153bf909
.rdata, 0x651000, 0x1406E5, 0x140800, 6.98, b7190453514f812ff9d8f5aca2ae8674
.data, 0x792000, 0x113EE4, 0x2E600, 5.24, 7db3d6a668f4bd44078b1dcf6f6760e5
.rodata, 0x8A6000, 0x4A0, 0x600, 4.82, 434f064a79169b10bce9f9048ecacdfc
.rsrc, 0x8A7000, 0x1C8A4, 0x1CA00, 5.92, dec31d2bc0ba83db7da3433728144add
.reloc, 0x8C4000, 0x45534, 0x45600, 5.48, e5799d99a3cd32c0f6faae8828fb96ba
[[ 17 import(s) ]]
VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA, GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINMM.dll: timeGetTime, waveInOpen, waveInPrepareHeader, waveInReset, timeSetEvent, timeKillEvent, timeEndPeriod, timeBeginPeriod, timeGetDevCaps, waveOutWrite, mixerGetID, waveInGetDevCapsA, waveOutGetDevCapsA, waveOutMessage, waveInMessage, mixerClose, mixerGetLineControlsA, mixerGetLineInfoA, mixerGetDevCapsA, mixerOpen, mixerGetControlDetailsA, waveOutRestart, waveOutPause, waveInGetPosition, mixerSetControlDetails, waveInUnprepareHeader, waveInClose, waveOutClose, waveInStop,
waveInAddBuffer, waveInStart, waveOutReset, waveOutGetPosition, waveOutOpen, waveInGetNumDevs, waveOutGetNumDevs, waveInGetDevCapsW, waveOutGetDevCapsW, waveOutUnprepareHeader, waveOutPrepareHeader WININET.dll: InternetSetOptionW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, HttpOpenRequestA, InternetConnectA, InternetOpenA CRYPT32.dll: CertNameToStrW, CryptDecodeObjectEx, CertFindRDNAttr, CertRDNValueToStrW, CryptFindOIDInfo, CertCompareCertificateName, CertAddCertificateContextToStore, CertEnumCertificatesInStore, CertCompareCertificate, CertVerifyTimeValidity, CertVerifyRevocation, CertOpenStore, CertAddStoreToCollection, CryptVerifyMessageSignature, CryptGetMessageCertificates, CertCreateCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertFreeCertificateContext, CertCloseStore RPCRT4.dll: RpcStringFreeA, UuidToStringA OLEAUT32.dll: -, -, -, -, -, -, - urlmon.dll: CopyStgMedium DSOUND.dll: - KERNEL32.dll: GetModuleFileNameA, FindClose, FindNextFileW, DeleteFileW, RemoveDirectoryW, FindFirstFileW, SystemTimeToFileTime, GetSystemTime, GetFileSizeEx, CreateFileW, GetFileAttributesW, CreateDirectoryW, WideCharToMultiByte, DeleteFileA, WriteFile, CreateFileA, GetTempFileNameA, GetCurrentDirectoryA, CreateDirectoryA, GetEnvironmentVariableA, GlobalFree, FreeLibrary, GetVersionExW, GetProcessTimes, GlobalUnlock, GlobalLock, GetCurrentProcessId, GlobalSize, GlobalAlloc, GetSystemInfo, GetModuleHandleW, GetUserDefaultUILanguage, MoveFileExW, VirtualQuery, GetUserDefaultLangID, GetVersionExA, SetFilePointer, VerifyVersionInfoW, FindResourceA, CreateProcessA, CreateThread, ReadFile, GetFileSize, FindResourceExA, FindResourceExW, SetUnhandledExceptionFilter, GetTempPathW, InterlockedIncrement, InterlockedDecrement, GetTimeZoneInformation, ReleaseSemaphore, WaitForMultipleObjects, SetEvent, CreateSemaphoreW, GetTempFileNameW, GetSystemDirectoryW, ExpandEnvironmentStringsA, GetTempPathA, GetFileAttributesA, CreateMutexA, 
SetFilePointerEx, GetFileAttributesExW, GetFileInformationByHandle, GetVolumeInformationW, GetCurrentDirectoryW, SetCurrentDirectoryW, ExpandEnvironmentStringsW, OutputDebugStringA, TlsSetValue, UnmapViewOfFile, ReleaseMutex, MapViewOfFile, CreateFileMappingA, SetThreadPriority, GetSystemDirectoryA, TerminateThread, lstrcpyA, lstrlenA, CompareFileTime, LocalFree, QueryPerformanceCounter, QueryPerformanceFrequency, QueueUserAPC, OpenThread, SleepEx, SwitchToThread, GetProcessHeap, HeapFree, HeapSize, VirtualProtect, GetProcessAffinityMask, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlUnwind, ExitProcess, GetCommandLineA, GetSystemTimeAsFileTime, GetStdHandle, TerminateProcess, SizeofResource, LoadResource, LockResource, OpenFile, _lwrite, _lclose, FreeResource, LoadLibraryA, GetModuleFileNameW, lstrlenW, SetLastError, GetCurrentProcess, VirtualAlloc, FlushInstructionCache, RaiseException, LCMapStringW, GetTickCount, GetCurrentThreadId, GetLocaleInfoW, GetEnvironmentVariableW, GetLastError, ResetEvent, WaitForSingleObject, CloseHandle, CreateEventW, LoadLibraryW, GetProcAddress, GetCurrentThread, SetThreadAffinityMask, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, ExitThread, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, TlsGetValue, IsDebuggerPresent, HeapAlloc, EnumSystemLocalesW, GetUserDefaultLCID, GetTimeFormatW, GetDateFormatW, CompareStringW, GetCurrencyFormatW, GetNumberFormatW, TlsFree, TlsAlloc, SetHandleCount, GetFileType, GetStartupInfoA, GetConsoleCP, GetConsoleMode, HeapReAlloc, HeapCreate, HeapDestroy, GetOEMCP, IsValidCodePage, LCMapStringA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, CreateSemaphoreA, GetEnvironmentStringsW, FlushFileBuffers, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetStringTypeA, GetStringTypeW, 
CompareStringA, SetEnvironmentVariableA, SetEndOfFile, GetModuleHandleA, VirtualFree, DeviceIoControl, GetVersion, InterlockedExchangeAdd, CancelWaitableTimer, SetWaitableTimer, CreateWaitableTimerA, VerSetConditionMask, CreateEventA USER32.dll: EnumDisplayDevicesW, EmptyClipboard, SetClipboardData, IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, CloseClipboard, RegisterClipboardFormatW, IsWindow, GetWindowThreadProcessId, RemoveMenu, SetMenuItemInfoW, GetMenuItemInfoW, InsertMenuItemW, CreatePopupMenu, TrackPopupMenu, DrawMenuBar, DestroyMenu, CreateMenu, SetMenuInfo, MapVirtualKeyW, WaitForInputIdle, GetForegroundWindow, DialogBoxParamW, SetWindowTextA, RedrawWindow, DialogBoxIndirectParamW, EndDialog, GetDesktopWindow, GetDlgItem, SetWindowTextW, SendMessageTimeoutW, CreateIconIndirect, SetRectEmpty, GetCursor, DestroyIcon, LoadImageW, GetPropW, SetPropW, GetMonitorInfoW, GetClipboardFormatNameA, RegisterClipboardFormatA, SetWindowPos, DestroyCaret, DestroyWindow, RegisterClassA, CreateWindowExA, SetCapture, ReleaseCapture, GetSubMenu, ScreenToClient, GetCapture, GetCursorPos, WindowFromPoint, GetParent, GetTopWindow, PeekMessageW, GetQueueStatus, KillTimer, SetTimer, InvalidateRect, LoadIconW, RegisterClassW, IsWindowVisible, PostMessageW, GetFocus, SendMessageW, SendNotifyMessageW, GetKeyState, ReleaseDC, SetCursor, LoadStringW, MessageBoxW, EnableMenuItem, CheckMenuItem, FillRect, GetDC, BeginPaint, EndPaint, UnregisterClassA, SetFocus, GetWindowInfo, CopyRect, CreateWindowExW, RegisterClassExW, CallWindowProcW, PostQuitMessage, LoadCursorW, GetClassInfoExW, SetWindowLongW, MapWindowPoints, ShowWindow, DefWindowProcW, ClientToScreen, SendInput, GetKeyboardLayout, GetWindowLongW, GetWindowRect, UpdateLayeredWindow, EnumDisplayDevicesA, GetSystemMetrics, SetRect, OffsetRect, MonitorFromWindow, GetDoubleClickTime, EnumDisplaySettingsW, MoveWindow, SetCaretPos, CreateCaret, SystemParametersInfoW, ShowCaret, PostMessageA, RegisterWindowMessageA, 
GetClientRect, MessageBoxA GDI32.dll: SetPixel, CreateDCA, GetICMProfileA, SelectPalette, RealizePalette, RectVisible, LPtoDP, StretchDIBits, GetStockObject, Rectangle, GetDeviceCaps, GetSystemPaletteEntries, GetClipBox, CreateSolidBrush, EnumFontFamiliesW, CreateBitmap, GetStretchBltMode, SetStretchBltMode, GetTextMetricsW, EnumFontFamiliesA, ExtTextOutA, SetTextColor, CreateFontIndirectA, IntersectClipRect, GetClipRgn, CreateRectRgn, SetTextAlign, SetBkMode, GetTextAlign, GetBkMode, GetTextColor, DeleteObject, CreateFontIndirectW, SelectClipRgn, GetBkColor, SetTextCharacterExtra, CreatePen, GetTextExtentPoint32W, GetCurrentObject, DPtoLP, GetTextExtentPoint32A, GetTextCharacterExtra, SetWorldTransform, SetGraphicsMode, GetWorldTransform, CreatePalette, StartDocW, EndDoc, StrokePath, ExtCreatePen, FillPath, StretchBlt, SetBkColor, ExtTextOutW, SelectObject, BitBlt, CreateDIBSection, GetObjectW, GdiFlush, DeleteDC, CreateCompatibleDC, RestoreDC, SelectClipPath, PolyBezierTo, GetFontData, EnumFontFamiliesExW, LineTo, MoveToEx, EndPath, BeginPath, SaveDC, SetPolyFillMode, StartPage, EndPage COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW, CommDlgExtendedError, PrintDlgW ADVAPI32.dll: CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyA, RegOpenKeyExW, RegDeleteValueA, RegQueryValueExA, RegCreateKeyExA, RegCreateKeyA, RegSetValueExA, RegCloseKey SHELL32.dll: SHGetSpecialFolderLocation, SHAppBarMessage, SHGetFolderPathA, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFolderPathW, SHFileOperationW, SHGetDiskFreeSpaceExW ole32.dll: ReleaseStgMedium, OleUninitialize, OleFlushClipboard, OleIsCurrentClipboard, CreateBindCtx, PropVariantClear, OleInitialize, CoInitialize, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, OleSetClipboard, OleGetClipboard WS2_32.dll: WSAIoctl, -, -, -, -, -, -, WSASocketW, -, -, -, -, -, -, WSACloseEvent, -, -, -, -, -, -, -, -, -, -, WSAEnumNetworkEvents, WSAEventSelect, 
WSACreateEvent, WSAAddressToStringA, -, -, -, -, -, - mscms.dll: TranslateBitmapBits, DeleteColorTransform, CreateColorTransformW, OpenColorProfileW, CloseColorProfile [[ 65 export(s) ]] BrokerMainW, DllRegisterServer, DllUnregisterServer, FlashPlayer_11_1_102_55_FlashPlayer, Flash_DisableLocalSecurity, Flash_EnforceLocalSecurity, Java_ShockwaveFlash_CurrentFrame_stub, Java_ShockwaveFlash_FlashVersion_stub, Java_ShockwaveFlash_FrameLoaded_stub, Java_ShockwaveFlash_GetVariable_stub, Java_ShockwaveFlash_GotoFrame_stub, Java_ShockwaveFlash_IsPlaying_stub, Java_ShockwaveFlash_LoadMovie_stub, Java_ShockwaveFlash_Pan_stub, Java_ShockwaveFlash_PercentLoaded_stub, Java_ShockwaveFlash_Play_stub, Java_ShockwaveFlash_SetVariable_stub, Java_ShockwaveFlash_SetZoomRect_stub, Java_ShockwaveFlash_StopPlay_stub, Java_ShockwaveFlash_TCallFrame_stub, Java_ShockwaveFlash_TCallLabel_stub, Java_ShockwaveFlash_TCurrentFrame_stub, Java_ShockwaveFlash_TCurrentLabel_stub, Java_ShockwaveFlash_TGetProperty_stub, Java_ShockwaveFlash_TGotoFrame_stub, Java_ShockwaveFlash_TGotoLabel_stub, Java_ShockwaveFlash_TPlay_stub, Java_ShockwaveFlash_TSetProperty_stub, Java_ShockwaveFlash_TStopPlay_stub, Java_ShockwaveFlash_TotalFrames_stub, Java_ShockwaveFlash_Zoom_stub, NP_GetEntryPoints, NP_Initialize, NP_Shutdown, native_ShockwaveFlash_CurrentFrame, native_ShockwaveFlash_FlashVersion, native_ShockwaveFlash_FrameLoaded, native_ShockwaveFlash_GetVariable, native_ShockwaveFlash_GotoFrame, native_ShockwaveFlash_IsPlaying, native_ShockwaveFlash_LoadMovie, native_ShockwaveFlash_Pan, native_ShockwaveFlash_PercentLoaded, native_ShockwaveFlash_Play, native_ShockwaveFlash_SetVariable, native_ShockwaveFlash_SetZoomRect, native_ShockwaveFlash_StopPlay, native_ShockwaveFlash_TCallFrame, native_ShockwaveFlash_TCallLabel, native_ShockwaveFlash_TCurrentFrame, native_ShockwaveFlash_TCurrentLabel, native_ShockwaveFlash_TGetProperty, native_ShockwaveFlash_TGotoFrame, native_ShockwaveFlash_TGotoLabel, 
native_ShockwaveFlash_TPlay, native_ShockwaveFlash_TSetProperty, native_ShockwaveFlash_TStopPlay, native_ShockwaveFlash_TotalFrames, native_ShockwaveFlash_Zoom, register_ShockwaveFlash, unregister_ShockwaveFlash, unuse_ShockwaveFlash, unuse_netscape_plugin_Plugin, use_ShockwaveFlash, use_netscape_plugin_Plugin

ExifTool: file metadata
CharacterSet: Windows, Latin1
CodeSize: 6614528
CompanyName: Adobe Systems, Inc.
Debugger: 0
EntryPoint: 0x5b9de1
FileDescription: Shockwave Flash 11.1 r102
FileExtents: swf|spl|mfp
FileFlagsMask: 0x003f
FileOS: Win32
FileOpenName: Adobe Flash movie (*.swf)|FutureSplash movie (*.spl)|Adobe Flash Paper (*.mfp)
FileSize: 8.1 MB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 11,1,102,55
FileVersionNumber: 11.1.102.55
ImageVersion: 0.0
InitializedDataSize: 1905664
InternalName: Adobe Flash Player 11.1
LanguageCode: English (U.S.)
LegalCopyright: Adobe Flash Player. Copyright 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
LegalTrademarks: Adobe Flash Player
LinkerVersion: 9.0
MIMEType: application/x-shockwave-flash|application/futuresplash
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Dynamic link library
OriginalFilename: npswf32.dll
PEType: PE32
ProductName: Shockwave Flash
ProductVersion: 11,1,102,55
ProductVersionNumber: 11.1.102.55
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2011:11:01 06:42:38+01:00
UninitializedDataSize: 0

Last edited by john_c (03.12.2011 at 17:50)
03.12.2011, 17:47 | #21 |
Sophos scan found Trojans and malware

C:\Programme\Mozilla Firefox\mozjs.dll

Antivirus  Version  Last Update  Result
AhnLab-V3  2011.12.03.00  2011.12.03  -
AntiVir  7.11.18.204  2011.12.02  -
Antiy-AVL  2.0.3.7  2011.12.03  -
Avast  6.0.1289.0  2011.12.03  -
AVG  10.0.0.1190  2011.12.03  -
BitDefender  7.2  2011.12.03  -
ByteHero  1.0.0.1  2011.11.29  -
CAT-QuickHeal  12.00  2011.12.03  -
ClamAV  0.97.3.0  2011.12.03  -
Commtouch  5.3.2.6  2011.12.03  -
Comodo  10827  2011.12.03  -
Emsisoft  5.1.0.11  2011.12.03  -
eSafe  7.0.17.0  2011.12.01  -
eTrust-Vet  37.0.9600  2011.12.02  -
F-Prot  4.6.5.141  2011.11.29  -
F-Secure  9.0.16440.0  2011.12.03  -
Fortinet  4.3.388.0  2011.12.03  -
GData  22  2011.12.03  -
Ikarus  T3.1.1.109.0  2011.12.03  -
Jiangmin  13.0.900  2011.12.03  -
K7AntiVirus  9.119.5589  2011.12.03  -
Kaspersky  9.0.0.837  2011.12.03  -
McAfee  5.400.0.1158  2011.12.03  -
McAfee-GW-Edition  2010.1D  2011.12.03  -
Microsoft  1.7903  2011.12.03  -
NOD32  6668  2011.12.01  -
Norman  6.07.13  2011.12.03  -
nProtect  2011-12-03.01  2011.12.03  -
Panda  10.0.3.5  2011.12.03  -
PCTools  8.0.0.5  2011.12.03  -
Prevx  3.0  2011.12.03  -
Rising  23.86.04.02  2011.12.02  -
Sophos  4.71.0  2011.12.03  -
SUPERAntiSpyware  4.40.0.1006  2011.12.03  -
Symantec  20111.2.0.82  2011.12.03  -
TheHacker  6.7.0.1.352  2011.12.01  -
TrendMicro  9.500.0.1008  2011.12.03  -
TrendMicro-HouseCall  9.500.0.1008  2011.12.03  -
VBA32  3.12.16.4  2011.12.03  -
VIPRE  11197  2011.12.03  -
ViRobot  2011.12.3.4807  2011.12.03  -
VirusBuster  14.1.97.0  2011.12.02  -

Additional information
MD5 : 47a91e11a42f115d094dee60ec144ad7
SHA1 : 830b7c4027e34642f5a0c74e61bf6b4e03413155
SHA256: e8682b46ecb05c0e2bb5795e822902f0af1c7e2928ebb0214fb4398dbd09415e
ssdeep: 24576:/D5Rr11rvNTvf21JbFu8CTl88NicIS1b4PHtHK3rPatZv0NyAV+++kMseh:/DDr7vlu1J Fu8Tfztq/yAsXh
File size : 1989592 bytes
First seen: 2011-11-06 11:54:54
Last seen : 2011-12-03 16:37:01

TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Mozilla Corporation
               Thawte Code Signing CA - G2
               thawte Primary Root CA
               Thawte Premium Server CA
signing date.: 7:54 05/11/2011
verified.....: -

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x15E4D0
timedatestamp....: 0x4EB4979C (Sat Nov 05 01:55:40 2011)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x15E4AB, 0x15F000, 6.57, 556c0c1e9e9223070130e4a8fc7bad1a
.rdata, 0x160000, 0x55E42, 0x56000, 3.69, ec4cdfb77667fc979d8569d3fb87d4d6
.data, 0x1B6000, 0x20974, 0x20000, 1.25, 82fa29390def7c2b227176e4a50579c9
.reloc, 0x1D7000, 0xDFD2, 0xE000, 6.09, 6a39c15c40f24d213c56d12c1a6c2298
[[ 4 import(s) ]]
nspr4.dll: PR_FindFunctionSymbol, PR_FindSymbol, PR_LoadLibraryWithFlags, PR_UnloadLibrary, PR_CallOnce, PR_CreateThread, PR_JoinThread, PR_IntervalNow, PR_IntervalToMilliseconds, PR_GetCurrentThread, PR_NotifyAllCondVar, PR_NewLock, PR_NewCondVar, PR_DestroyLock, PR_DestroyCondVar, PR_NotifyCondVar, PR_WaitCondVar, PR_Unlock, PR_Lock
KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, GetSystemInfo, EnterCriticalSection, SetCriticalSectionSpinCount, LeaveCriticalSection, GetSystemTimeAdjustment, DeleteCriticalSection, InterlockedExchange, InitializeCriticalSectionAndSpinCount, VirtualAlloc, VirtualFree, VirtualQuery, GetSystemTimeAsFileTime, QueryPerformanceCounter, QueryPerformanceFrequency
WINMM.dll: timeBeginPeriod, timeEndPeriod
MOZCRT19.dll: _malloc_crt, _initterm, _initterm_e, _amsg_exit, _adjust_fdiv, __CppXcptFilter, _crt_debugger_hook, _except_handler4_common, __clean_type_info_names_internal, _encoded_null, _time64,
_decode_pointer, _onexit, _lock, memset, memcpy, _fstat64i32, malloc, calloc, realloc, free, _isnan, floor, _purecall, __3@YAXPAX@Z, ___V@YAXPAX@Z, memmove, strncmp, getc, __iob_func, fclose, fopen, isspace, isdigit, _CIfmod, isalpha, _errno, _setjmp3, _fileno, acos, asin, atan, _copysign, _CIatan2, ceil, cos, _CIexp, log, _CIpow, _CIsqrt, sin, sqrt, tan, fabs, localeconv, _HUGE, tolower, isxdigit, strchr, isprint, sprintf, ungetc, fputc, exit, fflush, fprintf, _CIlog10, strstr, _localtime64, _tzset, strftime, _set_invalid_parameter_handler, getenv, vfprintf, bsearch, _fpclass, _finite, abort, _unlock, __dllonexit, _encode_pointer [[ 868 export(s) ]] __0ArrayBuffer@js@@QAE@XZ, __0AutoEnterFrameCompartment@JS@@QAE@XZ, __0AutoEnterScriptCompartment@JS@@QAE@XZ, __0ForceFrame@js@@QAE@PAUJSContext@@PAUJSObject@@@Z, __0JSAutoEnterCompartment@@QAE@XZ, __0JSAutoStructuredCloneBuffer@@QAE@XZ, __0JSCompartment@@QAE@PAUJSRuntime@@@Z, __0JSCrossCompartmentWrapper@@QAE@ABV0@@Z, __0JSCrossCompartmentWrapper@@QAE@I@Z, __0JSProxyHandler@js@@QAE@ABV01@@Z, __0JSProxyHandler@js@@QAE@PAX@Z, __0JSWrapper@@QAE@ABV0@@Z, __0JSWrapper@@QAE@I@Z, __0PerfMeasurement@JS@@QAE@W4EventMask@01@@Z, __1ArrayBuffer@js@@QAE@XZ, __1AutoEnterFrameCompartment@JS@@QAE@XZ, __1AutoEnterScriptCompartment@JS@@QAE@XZ, __1ForceFrame@js@@QAE@XZ, __1JSAutoEnterCompartment@@QAE@XZ, __1JSAutoStructuredCloneBuffer@@QAE@XZ, __1JSCompartment@@QAE@XZ, __1JSCrossCompartmentWrapper@@UAE@XZ, __1JSProxyHandler@js@@UAE@XZ, __1JSWrapper@@UAE@XZ, __1PerfMeasurement@JS@@QAE@XZ, __4ArrayBuffer@js@@QAEAAU01@ABU01@@Z, __4AutoEnterFrameCompartment@JS@@QAEAAV01@ABV01@@Z, __4AutoEnterScriptCompartment@JS@@QAEAAV01@ABV01@@Z, __4JSAutoEnterCompartment@@QAEAAV0@ABV0@@Z, __4JSCrossCompartmentWrapper@@QAEAAV0@ABV0@@Z, __4JSProxyHandler@js@@QAEAAV01@ABV01@@Z, __4JSWrapper@@QAEAAV0@ABV0@@Z, __4TypedArray@js@@QAEAAU01@ABU01@@Z, ___7JSCrossCompartmentWrapper@@6B@, ___7JSProxyHandler@js@@6B@, ___7JSWrapper@@6B@, _AllocGCChunk@js@@YAPAXXZ, 
ExifTool: file metadata
CodeSize: 1437696
EntryPoint: 0x15e4d0
FileSize: 1943 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 544768
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:05 02:55:40+01:00
UninitializedDataSize: 0 |
03.12.2011, 17:52 | #22 |
| Sophos scan found Trojans and malware
C:\Windows\System32\bcmwlrc.dll

Antivirus Version Last Update Result
AhnLab-V3 2011.12.03.00 2011.12.03 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.03 -
Avast 6.0.1289.0 2011.12.03 -
AVG 10.0.0.1190 2011.12.03 -
BitDefender 7.2 2011.12.03 -
ByteHero 1.0.0.1 2011.11.29 -
ClamAV 0.97.3.0 2011.12.03 -
Commtouch 5.3.2.6 2011.12.03 -
Comodo 10827 2011.12.03 -
DrWeb 5.0.2.03300 2011.12.03 -
Emsisoft 5.1.0.11 2011.12.03 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9600 2011.12.02 -
F-Secure 9.0.16440.0 2011.12.03 -
Fortinet 4.3.388.0 2011.12.03 -
GData 22.295/22.549 2011.12.03 -
Jiangmin 13.0.900 2011.12.03 -
K7AntiVirus 9.119.5589 2011.12.03 -
Kaspersky 9.0.0.837 2011.12.03 -
McAfee 5.400.0.1158 2011.12.03 -
McAfee-GW-Edition 2010.1D 2011.12.03 -
Microsoft 1.7903 2011.12.03 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.03 -
nProtect 2011-12-03.01 2011.12.03 -
Panda 10.0.3.5 2011.12.03 -
PCTools 8.0.0.5 2011.12.03 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.03 -
SUPERAntiSpyware 4.40.0.1006 2011.12.03 -
Symantec 20111.2.0.82 2011.12.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.03 -
VBA32 3.12.16.4 2011.12.03 -
VIPRE 11197 2011.12.03 -
ViRobot 2011.12.3.4807 2011.12.03 -
VirusBuster 14.1.97.0 2011.12.02 -

Additional information
MD5 : 87388cc03fb0da28aaffbd71711b0ed6
SHA1 : 983004f6fc925aa6d52f9f0aaec4f83aeff7701b
SHA256: 76b420c55f2ae98daf03aaa3d591aa675ed97c683b18fc5cf776412daf9b140b
ssdeep: 96:TaQJ3b7I/S7PitSdU2t2KXCzq555rqxtK3X2+RqGCVthcE+:rb7I67PiIzxyOrdOtK3X2EqG gf+
File size : 6656 bytes
First seen: 2009-10-23 11:27:20
Last seen : 2011-12-03 16:39:16

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1319
timedatestamp....: 0x489344E4 (Fri Aug 01 17:16:20 2008)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x77C, 0x800, 5.87, 144d08d53c60379ca08b9acabdfdc905
.rdata, 0x2000, 0x506, 0x600, 4.25, c656a6f54f9e7e5279b89e4a98192a0b
.data, 0x3000, 0x35C, 0x200, 0.28, 38a465ab13e516ac4d90e19854e125b5
.rsrc, 0x4000, 0x2BC, 0x400, 4.89, 193991aba564030644c235cba396d65b
.reloc, 0x5000, 0x14C, 0x200, 3.80, f4a0829035d70828984b3b19a78b2a54

[[ 2 import(s) ]]
MSVCR80.dll: _lock, __dllonexit, _except_handler4_common, _unlock, __clean_type_info_names_internal, _crt_debugger_hook, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, free, _encoded_null, _malloc_crt, _onexit, _encode_pointer
KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime |
03.12.2011, 18:00 | #23 |
| OTL
All processes killed
========== OTL ==========
Error: No service named RichVideo) Cyberlink RichVideo Service(CRVS was found to stop!
Service\Driver key RichVideo) Cyberlink RichVideo Service(CRVS not found.
File File not found not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 not found.
C:\USERS\VINCENZO\APPDATA\ROAMING\5051\components folder moved successfully.
C:\USERS\VINCENZO\APPDATA\ROAMING\5051 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\Vincenzo\AppData\Roaming\5051\ not found.
C:\Users\Vincenzo\AppData\Local\PDF24\Favorites folder moved successfully.
C:\Users\Vincenzo\AppData\Local\PDF24\Archive folder moved successfully.
C:\Users\Vincenzo\AppData\Local\PDF24 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5050\components folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5050 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5049\components folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5049 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Vincenzo
->Temp folder emptied: 2008 bytes
->Temporary Internet Files folder emptied: 15288305 bytes
->Java cache emptied: 12285286 bytes
->FireFox cache emptied: 204189559 bytes
->Flash cache emptied: 3578 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3987228 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 225,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Vincenzo
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12032011_175531
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
03.12.2011, 23:11 | #24 |
| Sophos scan found Trojans and malware
Hi, just to be safe, please post one more fresh OTL log... chris
__________________ Don't bring me down Read before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
03.12.2011, 23:32 | #25 |
OTL log

OTL Logfile:
Code:
OTL logfile created on: 03.12.2011 23:25:19 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vincenzo\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,62% Memory free
5,99 Gb Paging File | 4,42 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 338,36 Gb Free Space | 72,66% Space Free | Partition Type: NTFS

Computer Name: VINCENZO-PC | User Name: Vincenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vincenzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\PPKLITE.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\pddom.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\DigSig.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Acroform.DEU ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (LcSvrAdm) -- c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
SRV - (LcSvrHis) -- c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
SRV - (LcSvrSaz) -- c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
SRV - (LcSvrAuf) -- c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
SRV - (LcSvrPAS) -- c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
SRV - (LcSvrDba) -- c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 77 EB E3 D1 AA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051

[2011.09.16 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions
[2009.12.21 21:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.28 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Firefox\Profiles\0sn3yrha.default\extensions
[2011.11.12 18:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\VINCENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SN3YRHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 20:04:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.06 20:01:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 20:01:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 20:01:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 20:01:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 20:01:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 20:01:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6254A1D2-3EED-44D2-9F3C-21F2525BB591}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8C7BF2-C42F-4BD7-852F-7AC3AD549007}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell - "" = AutoRun
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.03 17:55:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.02 16:53:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 20:54:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.01 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 13:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 12:42:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.12.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PackageAware
[2011.11.24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.17 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\A_Klasse
[2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Axialis
[2011.11.09 17:34:03 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.12.20 00:27:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009.12.20 00:27:03 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009.12.20 00:27:03 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009.12.20 00:27:03 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009.12.20 00:27:03 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.03 23:24:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.03 23:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.03 18:05:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 18:05:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 17:59:07 | 000,000,987 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011.12.03 17:58:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 17:57:32 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.02 17:03:08 | 001,547,774 | ---- | M] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.02 16:53:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 22:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job
[2011.12.01 13:16:01 | 003,690,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.01 13:12:04 | 000,000,036 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.12.01 13:03:12 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.27 10:03:59 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.27 10:03:59 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.27 10:03:59 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.27 10:03:59 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.21 12:27:13 | 000,579,494 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.15 20:50:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.13 19:20:47 | 000,620,234 | ---- | M] () -- C:\Users\Vincenzo\SHARK.INI
[2011.11.08 16:17:05 | 006,028,664 | ---- | M] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.02 17:02:52 | 001,547,774 | ---- | C] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.01 22:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 13:03:12 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.28 15:15:08 | 000,000,036 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.11.21 12:27:13 | 000,579,494 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.08 16:17:04 | 006,028,664 | ---- | C] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[2011.10.09 16:07:42 | 000,180,988 | ---- | C] () -- C:\Windows\hpoins13.dat.temp
[2011.10.09 16:07:42 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp
[2011.05.18 17:58:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 20:34:45 | 000,007,602 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\Resmon.ResmonCfg
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.05 18:34:42 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.01.10 13:25:34 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.30 14:13:23 | 000,000,616 | ---- | C] () -- C:\Windows\System32\NTS5CSET.INI
[2010.06.15 16:16:35 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.14 16:54:23 | 000,000,096 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\fusioncache.dat
[2009.12.24 22:11:33 | 000,005,120 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 21:34:53 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2009.12.24 20:19:39 | 000,181,013 | ---- | C] () -- C:\Windows\hpoins13.dat
[2009.12.24 20:19:39 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2009.12.20 00:26:20 | 000,000,987 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.12.19 23:50:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,690,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
05.12.2011, 08:16 | #26 |
| Sophos scan found Trojans and malware Hi, I don't quite like it yet... Download SystemLook from one of the following links and save the tool to the desktop. http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
Code:
:filefind
chrome.manifest
install.rdf
:regfind
184AA5E6-741D-464a-820E-94B3ABC2F3B4
The results are saved on the desktop as SystemLook.txt. Do you know this JOB?
[2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job
chris
__________________ Don't bring me down Read before posting! Donate (Anyone who wants to donate is welcome to get in touch) |
05.12.2011, 21:16 | #27 |
| systemLook Well, I don't have Norton on the computer. However, I don't know whether it has anything to do with the online checks on VirusTotal, because I ran all of those on 1.12.2011, so the date would fit. Otherwise I don't know this JOB. SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:01 on 05/12/2011 by Vincenzo
Administrator - Elevation successful

========== filefind ==========

Searching for "chrome.manifest"
C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video\chrome.manifest --a---- 115 bytes [01:12 19/01/2011] [01:12 19/01/2011] 536D57E10BCCD6FE44CF40D1A26FB2B6
C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa\chrome.manifest --a---- 206 bytes [01:12 19/01/2011] [01:12 19/01/2011] 3388A0F6303F822BFFBE9DCEAFEC02EA
C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\chrome.manifest --a---- 2420 bytes [10:15 20/09/2009] [10:15 20/09/2009] 1FDF107786AB015024F1591D52770D1B
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest --a---- 108 bytes [06:25 02/06/2010] [06:25 02/06/2010] 7B43D30D4AE41144DE0BDF0DEC1CA287
C:\Program Files\Mozilla Firefox\chrome.manifest --a---- 36 bytes [15:34 16/09/2011] [19:01 06/10/2011] 8F2E87A15606DE2AD90C1E6DEAED4624
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest --a---- 143 bytes [19:25 20/10/2010] [19:25 20/10/2010] 851BC7C237EE80412DF31DAEE1AE49C9
C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\chrome.manifest --a---- 143 bytes [19:25 20/10/2010] [19:25 20/10/2010] 851BC7C237EE80412DF31DAEE1AE49C9
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5049\chrome.manifest --a---- 349 bytes [17:58 24/11/2011] [20:45 25/11/2011] A7A648776A04413734B033D697113A0B
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5050\chrome.manifest --a---- 364 bytes [20:46 25/11/2011] [14:15 28/11/2011] F8803E5A57211A3B8A6147761A627C99
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5051\chrome.manifest --a---- 350 bytes [19:40 28/11/2011] [22:15 29/11/2011] 00F14CA494F591C303A624904B6DA3A3

Searching for "install.rdf"
C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video\install.rdf --a---- 3767 bytes [00:13 08/02/2011] [00:13 08/02/2011] 73699AF7C9194431C8792D2A873C4F0D
C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa\install.rdf --a---- 4305 bytes [00:13 08/02/2011] [00:13 08/02/2011] 65CD4B591F3C58CE328D2B95F96B906B
C:\Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\install.rdf --a---- 1053 bytes [10:15 20/09/2009] [10:15 20/09/2009] 4B053F3E20432E72830C5E81DB22A891
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\install.rdf --a---- 678 bytes [06:25 02/06/2010] [06:25 02/06/2010] 7D03B0EFE4414281DB2BD7BAA924BE7B
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf --a---- 1103 bytes [15:34 16/09/2011] [19:04 11/11/2011] B302A0B54DFDAFDB97EDB29D42B2FBCA
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf --a---- 882 bytes [19:25 20/10/2010] [19:25 20/10/2010] 2D71C407413626FBB26EB74AA7A3B029
C:\Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\install.rdf --a---- 882 bytes [19:25 20/10/2010] [19:25 20/10/2010] 2D71C407413626FBB26EB74AA7A3B029
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5049\install.rdf --a---- 539 bytes [17:58 24/11/2011] [20:45 25/11/2011] 7D0ED40837E73F52E488F79DAE253B27
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5050\install.rdf --a---- 539 bytes [20:46 25/11/2011] [14:15 28/11/2011] 7D0ED40837E73F52E488F79DAE253B27
C:\_OTL\MovedFiles\12032011_175531\C_USERS\VINCENZO\APPDATA\ROAMING\5051\install.rdf --a---- 539 bytes [19:40 28/11/2011] [22:15 29/11/2011] 7D0ED40837E73F52E488F79DAE253B27

========== regfind ==========

Searching for "184AA5E6-741D-464a-820E-94B3ABC2F3B4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008AE48]
"GUID"="{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"="C:\Users\Vincenzo\AppData\Roaming\5051"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"="C:\Users\Vincenzo\AppData\Roaming\5051"
[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008AE48]
"GUID"="{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"
[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Mozilla\Firefox\Extensions]
"{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"="C:\Users\Vincenzo\AppData\Roaming\5051"
[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"="C:\Users\Vincenzo\AppData\Roaming\5051"
[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"="C:\Users\Vincenzo\AppData\Roaming\5051"

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"=" <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3> <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p> <h3>Gute Gründe für den DivX Codec</h3> <ul> <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li> <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li> <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li> </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"=" <p>Der DivX Plus Converter nimmt gängige Videoformate und erstellt auf einfache Weise DivX- oder DivX Plus-Dateien für Ihre DivX Certified®-Geräte.</p> <ul> <li>Konvertieren Sie die Formate per Drag-&-Drop in .divx (DivX-Video) und .mkv (DivX Plus-Video)</li> <li>Erstellen Sie fortschrittliche DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf</li> <li>Steuern Sie Ihre Dateien mit den fortschrittlichen Encoding-Optionen</li> <li>Vereinen Sie mehrere Videos zu einer .divx- oder .mkv-Datei</li> <li>Konvertieren Sie Video-Batches - selbst mit Videos unterschiedlicher Formate - in einer einzigen Sitzung</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"=" <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p> <ul> <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li> <li>Einfacher Transfer von Videos an DivX-Geräte</li> <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"=" <p>Die DivX Plus-Software enthält alles, was Du für ein kinoähnliches Erlebnis auf Deinem Computer, in Deinem Wohnzimmer und unterwegs benötigst. Für ein optimales Erlebnis mit DivX-Videos <b>empfehlen wir die Komplettinstallation aller Komponenten</b>.</p> <h3>Mit DivX Plus-Software kannst Du:</h3> <ul> <li>Ruckelfreie HD-Videos auf Deinem Computer ansehen</li> <li>Videos mühelos an DivX Certified®-Geräte übertragen</li> <li>Die fortschrittlichen DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen, genießen</li> <li>DivX-Videos auf Deiner Website oder in Deinen Blog integrieren</li> <li>Dateien platzsparend in ein DivX-Video umwandeln oder auf DivX-Geräten wiedergeben</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"=" <p>Mit dem DivX Plus Codec Pack können Sie sich DivX-Videos in Deiner bevorzugten Drittanbieteranwendung ansehen.</p> <ul> <li>Geben Sie die Formate .divx, .avi und .mkv (DivX- und DivX Plus-Video) auf gängigen Media-Playern (wie beispielsweise dem Windows Media Player, QuickTime, Media Player Classic) wieder</li> <li>Erstellen Sie mit Drittanbietersoftware (beispielsweise Virtual Dub) .avi-Dateien (DivX-Video) </li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\Player]
"Description"=" <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p> <ul> <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li> <li>Einfacher Transfer von Videos an DivX-Geräte</li> <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"=" <ul> <li>The DivX VOD Plug-in enables a better user experience for customers purchasing or renting content from DivX VOD retail stores.</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"=" <h3>Neue Funktionen in dieser Beta-Version:</h3> <ul> <li>DivX HiQ™ - benutze DivX Plus Web Player auf populären Video-Webseiten wie YouTube</li> <li>Unterstützung neuer Formate – MP4 & MOV</li> <li>Unterstützung von HTML5 <VIDEO> Tag</li> <li>DXVA Hardwarebeschleunigung (Direct-X)</li> </ul> "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{7A53B0BE-B92D-4e8a-A11F-8E6F9F3C575B}"> <Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/> </Rating> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{5098B1DF-486F-4e79-A6D6-6E0879A63811}"/> <Rating ratingSystemID="{7F2A4D3A-23A8-4123-90E7-D986BF1D9718}" ratingID="{464299D0-6D57-47e8-AA53-A849CBEA12CB}"/> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{464299D0-6D57-47e8-AA53-A849CBEA12CB}"/> <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{BB63F1DB-83FB-4790-ABE5-920E0AC864BD}"/> <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_MS&REV_#5&159C3AE4&0&000000#]
"DeviceDesc"="MS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&15DC9CEA&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08082482463695&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0001018111D01406&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#35149113C7036232&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_0100#AA00000000002536&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_MS&REV_#5&159C3AE4&0&000000#]
"DeviceDesc"="MS "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&15DC9CEA&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08082482463695&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0001018111D01406&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#35149113C7036232&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_0100#AA00000000002536&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_MS&REV_#5&159C3AE4&0&000000#]
"DeviceDesc"="MS "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&15DC9CEA&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08082482463695&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#0001018111D01406&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#35149113C7036232&0#]
"DeviceDesc"="Cruzer "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SMI&PROD_&REV_0100#AA00000000002536&0#]
"DeviceDesc"=" "

-= EOF =- |
06.12.2011, 07:43 | #28 |
| Sophos scan found Trojans and malware Hi, it has left its mark in the registry, let's see what's actually in there...
Code:
:reg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task /s
HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task /s
The results are saved on the desktop as SystemLook.txt. Then run CCleaner: http://www.trojaner-board.de/51464-a...-ccleaner.html chris
06.12.2011, 12:20 | #29 |
| Sophos scan found Trojans and malware
SystemLook 30.07.11 by jpshortstuff
Log created at 12:19 on 06/12/2011 by Vincenzo
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task]
"time"=ce da d3 e8 1b b0 cc 01 (REG_QWORD)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008ACB2]
"TASK"="dl/AcroIEHelpe.dll"
"GUID"="{C689C99E-3A8C-4c87-A79C-C80DC9C81632}"
"VERS"="054"
"FILE"="AcroIEHelpe054.dll"
"OLD"="C:\Users\Vincenzo\AppData\Roaming\AcroIEHelpe053.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008AE48]
"TASK"="dl/AcroFF.dll"
"GUID"="{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"
"PATH"="5051\components"
"VERS"="051"
"FILE"="AcroFF051.dll"
"PAL"=""

[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task]
"time"=ce da d3 e8 1b b0 cc 01 (REG_QWORD)

[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008ACB2]
"TASK"="dl/AcroIEHelpe.dll"
"GUID"="{C689C99E-3A8C-4c87-A79C-C80DC9C81632}"
"VERS"="054"
"FILE"="AcroIEHelpe054.dll"
"OLD"="C:\Users\Vincenzo\AppData\Roaming\AcroIEHelpe053.dll"

[HKEY_USERS\S-1-5-21-473775901-2554046012-3309774047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task\0008AE48]
"TASK"="dl/AcroFF.dll"
"GUID"="{184AA5E6-741D-464a-820E-94B3ABC2F3B4}"
"PATH"="5051\components"
"VERS"="051"
"FILE"="AcroFF051.dll"
"PAL"=""

-= EOF =- |
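The two things chris had SystemLook look at in #26 and #28 (where the Firefox extension is registered, and what sits under the Internet Settings\task key) can be checked live from PowerShell on the affected machine. This is an added example, not code from the thread, from SystemLook or from OTL; the rule it applies (a Firefox extension registered from a directory under AppData\Roaming, or without an install.rdf, deserves a look) and the assumption that the task key is not one Windows creates on its own are mine, and it only reads, never deletes.

```powershell
# Added example (not from this thread or its tools): read-only re-check of the
# two registry locations examined in posts #26-#29.
#  1. Firefox extension registrations, flagging the pattern seen here: an
#     extension ID pointing into the user's AppData\Roaming
#     (C:\Users\Vincenzo\AppData\Roaming\5051 in post #27).
#  2. HKCU\...\Internet Settings\task, which in post #29 held TASK/GUID/FILE/
#     VERS/PATH values. Assumption: Windows does not create this key itself,
#     so any subkey found there is worth comparing with post #29.

$extensionKeys = @(
    'HKCU:\Software\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Mozilla\Firefox\Extensions'
)

function Get-FirefoxExtensionRegistrations {
    foreach ($key in $extensionKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        # Value names are extension IDs: {GUID} or name@domain. Skip the
        # PS* properties Get-ItemProperty adds.
        $ids = $props.PSObject.Properties |
            Where-Object { $_.Name -like '{*}' -or $_.Name -like '*@*' } |
            Select-Object -ExpandProperty Name
        foreach ($id in $ids) {
            $target  = [string]$props.$id
            $reasons = @()
            # Installer-deployed extensions live under Program Files; a path
            # under AppData\Roaming is the pattern this thread shows.
            if ($target -like "$env:APPDATA\*") { $reasons += 'path under AppData\Roaming' }
            if ([string]::IsNullOrWhiteSpace($target) -or -not (Test-Path -LiteralPath $target)) {
                $reasons += 'target directory missing'
            } elseif (-not (Test-Path -LiteralPath (Join-Path $target 'install.rdf'))) {
                $reasons += 'no install.rdf in target'
            }
            [pscustomobject]@{
                Key = $key; Id = $id; Path = $target; Reasons = ($reasons -join '; ')
            }
        }
    }
}

function Get-InternetSettingsTaskEntries {
    $taskKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\task'
    if (-not (Test-Path -LiteralPath $taskKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $taskKey) {
        $p = Get-ItemProperty -LiteralPath $sub.PSPath
        [pscustomobject]@{
            SubKey = $sub.PSChildName; Task = $p.TASK; Guid = $p.GUID
            File = $p.FILE; Path = $p.PATH; Vers = $p.VERS
        }
    }
}

$registrations = @(Get-FirefoxExtensionRegistrations)
Write-Host "Firefox extension registrations found: $($registrations.Count)"
$registrations | Format-Table -AutoSize | Out-String | Write-Host
Write-Host 'Flagged registrations (non-empty Reasons):'
$registrations | Where-Object { $_.Reasons } | Format-Table -AutoSize | Out-String | Write-Host

$tasks = @(Get-InternetSettingsTaskEntries)
if ($tasks.Count -eq 0) {
    Write-Host 'Internet Settings\task: key absent or empty (nothing like post #29 present)'
} else {
    Write-Host 'Internet Settings\task subkeys (compare with post #29):'
    $tasks | Format-Table -AutoSize | Out-String | Write-Host
}
```

Run it in the affected user's session, since both locations are per-user (HKCU); for another account substitute that user's SID under Registry::HKEY_USERS as chris did in #28.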
06.12.2011, 12:23 | #30 |
| Sophos scan found Trojans and malware I now have one more small problem with Firefox. When I boot my computer and then start Firefox, the computer freezes completely, so that only switching it off with the power button helps. Could it be due to the procedure we have done so far?? |