|
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Paypal VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.01.2012, 19:53 | #1 |
| Bundespolizei Paypal Virus Guten Abend liebes Trojaner-Board, vor 2 Tagen hat mich der Trojaner/Virus der angeblichen „Bundespolizei“ erwischt und ich wurde aufgefordert, per Paypal (ich glaube) 100 Euro zu überweisen. Das System reagierte nicht mehr. Darum habe ich meinen Computer schnell im abgesicherten Modus neugestartet und Avast, Spybot sowie Malwarebytes Anti-Malware gestartet. Sowohl Avast als auch Spybot fanden keine Fehler, Malwarebytes allerdings hat 2 Trojaner gefunden, welche das Programm dann auch entfernt hat. Im Anschluss daran konnte ich meinen Computer wieder normal neustarten. Seitdem habe ich meinen PC im normalen Modus diverse Male durchsuchen lassen (ebenfalls wieder von Avast, Spybot und Malwarebytes), mittlerweile kann aber nichts mehr gefunden werden, mein System scheint in Ordnung zu sein. ich habe allerdings Angst, dass vielleicht doch noch Überreste des Trojaners/der Trojaner vorhanden sein könnten und wollte daher fragen, ob ihr vielleicht mal über meine Logdateien von Malwarebytes und OTL drüberschauen könntet? Damit kenne ich mich nämlich überhaupt nicht aus… Die sind allerdings extrem lang (besonders die beiden OTL Logdateien). Könnte dies daran liegen, dass ich hiermit einen Komplettscan gemacht habe? Würde nämlich nur sehr ungern mein Windows System neu aufsetzen. Mit besten Grüßen und vielen Dank, Flow1988 |
24.01.2012, 21:26 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal VirusZitat:
Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
24.01.2012, 21:54 | #3 |
| Bundespolizei Paypal Virus Danke für die Hilfe.
__________________Hier das Log von Malwarebytes (habe allerdings nur einen nach dem Entfernen der Trojaner, vorm Entfernen wusste ich leider noch nicht von der Existenz von eurem Trojaner-Board und hab das Log darum auch nicht gespeichert Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.23.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: Flow-PC [Administrator] 23.01.2012 16:41:17 mbam-log-2012-01-23 (16-41-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 451062 Laufzeit: 1 Stunde(n), 43 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke. |
24.01.2012, 21:57 | #4 |
| Bundespolizei Paypal Virus Nunja, meine Logdatei ist anscheinend zu groß, ich packs dann dochmal in einen Code-Tag. [code] OTL by Oldtimer:OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.01.2012 18:30:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,72% Memory free 7,98 Gb Paging File | 6,23 Gb Available in Paging File | 78,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,04 Gb Total Space | 188,47 Gb Free Space | 77,23% Space Free | Partition Type: NTFS Drive D: | 221,62 Gb Total Space | 84,54 Gb Free Space | 38,14% Space Free | Partition Type: NTFS Drive H: | 232,89 Gb Total Space | 49,07 Gb Free Space | 21,07% Space Free | Partition Type: NTFS Computer Name: Flow-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 17:29:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files (x86)\Antivir Avast\AvastUI.exe PRC - [2011.11.09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2011.03.28 08:48:46 | 004,726,358 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\anki.exe PRC - [2010.02.25 17:53:00 | 001,254,400 | ---- | M] (Chicony) -- C:\Program Files (x86)\Thermaltake Ttesports\Ttsystray.exe ========== Modules (No Company Name) ========== MOD - [2011.03.28 08:48:46 | 004,726,358 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\anki.exe MOD - [2011.02.22 13:16:36 | 000,023,552 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qsvg4.dll MOD - [2011.02.22 13:16:30 | 000,198,144 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qjpeg4.dll MOD - [2011.02.22 13:16:26 | 000,286,208 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qtiff4.dll MOD - [2011.02.22 13:16:18 | 000,028,160 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qgif4.dll MOD - [2010.11.25 21:19:18 | 000,016,384 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\simplejson._speedups.pyd MOD - [2010.11.25 21:19:10 | 000,247,296 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\pysqlite2._sqlite.pyd MOD - [2010.11.25 21:19:10 | 000,032,768 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\win32api.pyd MOD - [2010.11.25 20:52:24 | 000,110,080 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\pythoncom27.dll MOD - [2010.11.25 20:43:22 | 000,052,224 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyWinTypes27.dll MOD - [2010.10.22 15:07:20 | 000,054,784 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyQt4.QtWebKit.pyd MOD - [2010.10.22 15:06:38 | 000,021,504 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyQt4.QtSvg.pyd MOD - [2010.10.22 15:05:34 | 000,071,680 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyQt4.QtNetwork.pyd MOD - [2010.10.22 15:04:32 | 000,583,680 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyQt4.QtGui.pyd MOD - [2010.10.22 14:56:40 | 000,241,152 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\PyQt4.QtCore.pyd MOD - [2010.10.22 14:51:50 | 000,030,720 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\sip.pyd MOD - [2010.10.20 07:21:38 | 000,028,672 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qico4.dll MOD - [2010.10.20 07:21:22 | 000,220,672 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\imageformats\qmng4.dll MOD - [2010.10.20 07:21:02 | 000,077,824 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\codecs\qkrcodecs4.dll MOD - [2010.10.20 07:21:00 | 000,155,136 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\codecs\qtwcodecs4.dll MOD - [2010.10.20 07:20:56 | 000,167,936 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\codecs\qjpcodecs4.dll MOD - [2010.10.20 07:20:52 | 000,141,824 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\qt4_plugins\codecs\qcncodecs4.dll MOD - [2010.10.20 07:18:32 | 002,813,952 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtWebKit4.dll MOD - [2010.10.20 06:01:30 | 000,090,624 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtSvg4.dll MOD - [2010.10.20 06:00:52 | 000,100,864 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\phonon4.dll MOD - [2010.10.20 05:55:44 | 003,064,320 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtGui4.dll MOD - [2010.10.20 05:46:58 | 000,286,720 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtNetwork4.dll MOD - [2010.10.20 05:46:08 | 000,126,976 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtXml4.dll MOD - [2010.10.20 05:45:56 | 000,820,736 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\QtCore4.dll MOD - [2010.09.21 11:28:42 | 000,027,136 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\_portaudio.pyd MOD - [2010.07.04 01:04:30 | 000,107,008 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\_hashlib.pyd MOD - [2010.07.04 01:03:54 | 000,033,280 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\_ctypes.pyd MOD - [2010.07.04 01:03:46 | 000,182,272 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\unicodedata.pyd MOD - [2010.07.04 01:03:42 | 000,270,336 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\_ssl.pyd MOD - [2010.07.04 01:03:30 | 000,020,480 | ---- | M] () -- D:\University\Latein\Vokabeltrainer\Anki\_socket.pyd MOD - [2009.10.09 17:50:22 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Thermaltake Ttesports\WMINPUT.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011.11.28 19:15:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files (x86)\Antivir Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.11.09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.01.06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.18 12:20:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.04.30 12:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.15 11:24:18 | 000,058,448 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PWFilterUsb.sys -- (PorscheWheelFilterUsb) DRV:64bit: - [2010.12.08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2010.09.07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2010.09.07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2010.08.19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2010.08.19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2009.11.27 22:35:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.25 14:36:30 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 17:18:52 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr7364.sys -- (Dnetr7364) DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2008.01.30 18:30:48 | 000,743,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2011.11.03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.03.09 11:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.03.09 10:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 E3 71 AF A7 6D CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "fcb.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4 FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adoobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.01.18 12:43:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010.12.28 08:17:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files (x86)\Antivir Avast\WebRep\FF [2011.11.29 09:50:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.12 00:47:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.30 15:15:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:47:33 | 000,000,000 | ---D | M] [2009.11.26 14:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.01.09 00:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions [2012.01.09 00:19:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.12.23 21:42:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.01 12:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\nostmp [2011.03.12 12:44:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\personas@christopher.beard [2010.06.20 18:26:28 | 000,002,361 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqe3t1dt.default\searchplugins\ecosia.xml [2011.12.30 15:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.29 09:50:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES (X86)\ANTIVIR AVAST\WEBREP\FF () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.18 12:30:15 | 000,440,328 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 15137 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [avast] C:\Program Files (x86)\Antivir Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Ttesports\Ttsystray.exe (Chicony) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38917099-64E7-48F0-8DB4-55A6C7DAA3E5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{209a28d3-e042-11e0-9a02-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{209a28d3-e042-11e0-9a02-90e6baca0285}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{91abed29-d9c2-11de-be60-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{91abed29-d9c2-11de-be60-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{9c6bab32-9986-11e0-8a6c-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{9c6bab32-9986-11e0-8a6c-90e6baca0285}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{f074f9b9-ea4e-11de-85c8-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{f074f9b9-ea4e-11de-85c8-90e6baca0285}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2012.01.22 17:29:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.01.13 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adoobe Reader [2012.01.13 14:47:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.11 13:25:59 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.11 13:25:58 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.11 13:25:58 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.11 13:25:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.11 13:25:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.11 13:25:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.11 13:25:57 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 13:25:56 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 13:25:55 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 13:25:55 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 13:25:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 13:25:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 13:25:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.03 20:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.01.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.01.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.28 19:29:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy [2011.12.28 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy [2011.12.26 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ttesport [2011.12.26 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Thermaltake Ttesports [2011.12.26 19:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tt eSPORTS Challenger Pro [29 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.23 16:41:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.01.23 16:05:50 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.23 16:05:50 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.23 15:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.23 15:58:10 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2012.01.22 17:29:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.01.21 20:29:27 | 000,014,306 | ---- | M] () -- C:\Users\User\Documents\2009-12-01.hrf [2012.01.18 12:30:15 | 000,440,328 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.11 13:21:09 | 000,440,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120118-123015.backup [2012.01.06 18:01:53 | 000,430,263 | ---- | M] () -- C:\Users\User\Documents\Komplet Festplatte H.m3u [2012.01.02 16:47:14 | 501,063,079 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.30 15:15:33 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.29 13:10:41 | 000,440,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120111-132109.backup [2011.12.28 11:12:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.26 19:52:04 | 000,016,928 | ---- | M] () -- C:\Users\User\Documents\Dokument schreiben.TT1 [2011.12.26 19:40:10 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\Challenge Avenger.lnk [29 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.13 14:47:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.12.28 11:12:55 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.26 19:50:40 | 000,016,928 | ---- | C] () -- C:\Users\User\Documents\Dokument schreiben.TT1 [2011.12.26 19:40:10 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\Challenge Avenger.lnk [2011.11.01 00:34:34 | 000,005,282 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.06.05 14:51:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.06.05 14:50:43 | 000,000,009 | ---- | C] () -- C:\Windows\Sierra.ini [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.26 16:28:14 | 000,108,992 | ---- | C] () -- C:\Windows\SysWow64\SH34W32.DLL [2010.09.26 16:28:13 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\IFORCE2.dll [2010.07.23 13:07:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 18:18:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2010.02.18 18:18:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2010.01.30 15:19:04 | 000,001,471 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml [2010.01.23 22:52:46 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL [2010.01.21 14:15:18 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2010.01.11 20:35:02 | 000,024,064 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.10 18:29:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.12.25 21:53:46 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2009.11.28 16:27:06 | 000,000,549 | ---- | C] () -- C:\Windows\eReg.dat [2009.11.26 15:12:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2009.11.26 14:57:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.25 14:37:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > Und extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.01.2012 18:30:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,72% Memory free 7,98 Gb Paging File | 6,23 Gb Available in Paging File | 78,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,04 Gb Total Space | 188,47 Gb Free Space | 77,23% Space Free | Partition Type: NTFS Drive D: | 221,62 Gb Total Space | 84,54 Gb Free Space | 38,14% Space Free | Partition Type: NTFS Drive H: | 232,89 Gb Total Space | 49,07 Gb Free Space | 21,07% Space Free | Partition Type: NTFS Computer Name: Flow-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .js [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .vbs [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- Reg Error: Key error. batfile [open] -- Reg Error: Key error. batfile [print] -- Reg Error: Key error. chm.file [open] -- Reg Error: Key error. cmdfile [edit] -- Reg Error: Key error. cmdfile [open] -- Reg Error: Key error. cmdfile [print] -- Reg Error: Key error. comfile [open] -- Reg Error: Key error. cplfile [cplopen] -- Reg Error: Key error. exefile [open] -- Reg Error: Key error. helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. htafile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- Reg Error: Key error. inffile [open] -- Reg Error: Key error. inffile [print] -- Reg Error: Key error. inifile [open] -- Reg Error: Key error. inifile [print] -- Reg Error: Key error. InternetShortcut [open] -- Reg Error: Key error. InternetShortcut [print] -- Reg Error: Key error. jsfile [edit] -- Reg Error: Key error. jsfile [open] -- Reg Error: Key error. jsfile [print] -- Reg Error: Key error. jsefile [edit] -- Reg Error: Key error. jsefile [open] -- Reg Error: Key error. jsefile [print] -- Reg Error: Key error. piffile [open] -- Reg Error: Key error. regfile [edit] -- Reg Error: Key error. regfile [open] -- Reg Error: Key error. regfile [merge] -- Reg Error: Key error. regfile [print] -- Reg Error: Key error. scrfile [config] -- Reg Error: Key error. scrfile [install] -- Reg Error: Key error. scrfile [open] -- Reg Error: Key error. txtfile [edit] -- Reg Error: Key error. txtfile [open] -- Reg Error: Key error. txtfile [print] -- Reg Error: Key error. txtfile [printto] -- Reg Error: Key error. vbefile [edit] -- Reg Error: Key error. vbefile [open] -- Reg Error: Key error. vbefile [print] -- Reg Error: Key error. vbsfile [edit] -- Reg Error: Key error. vbsfile [open] -- Reg Error: Key error. vbsfile [print] -- Reg Error: Key error. wsffile [edit] -- Reg Error: Key error. wsffile [open] -- Reg Error: Key error. wsffile [print] -- Reg Error: Key error. wshfile [open] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Key error. Folder [open] -- Reg Error: Key error. Folder [explore] -- Reg Error: Key error. Drive [find] -- Reg Error: Key error. Applications\iexplore.exe [open] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5298B904-0A34-403F-9669-FE7D7BEBBE86}" = AVG 2011 "{544974E3-D015-401C-900C-E5D137BC930E}" = AVG 2011 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C88ED293-4EC7-4C6C-B105-B8DE4199AFAB}" = Porsche Wheel "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011 "{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "sp6" = Logitech SetPoint 6.30 "WinRAR archiver" = WinRAR "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91591AEF-F2AB-45DF-9BAA-4288B5EC8032}" = Tt eSPORTS Challenger Pro "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis "{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C245F926-664E-40B6-ADC6-D5CD4922EA30}" = ASUS RT-G31 Wireless Card "{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Anki" = Anki "avast" = avast! Free Antivirus "CCleaner" = CCleaner "EA Installer.2008885637" = EA Installer "ENTERPRISE" = Microsoft Office Enterprise 2007 "FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "Hattrick Organizer" = Hattrick Organizer (remove only) "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "OpenAL" = OpenAL "Steam App 24740" = Burnout Paradise: The Ultimate Box "SystemRequirementsLab" = System Requirements Lab "Tropico3" = Tropico 3 1.00 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "Worms2" = Worms2 "xp-AntiSpy" = xp-AntiSpy 3.98-1 "ZoneAlarm Free" = ZoneAlarm Free ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
24.01.2012, 22:18 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal VirusZitat:
Dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.01.2012, 22:33 | #6 |
| Bundespolizei Paypal Virus Achso, okay habs auch grad gesehen, danke ;-) Das ist der Log, bei dem die trojaner gefunden wurden: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.21.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 User :: Flow-PC [Administrator] 22.01.2012 03:53:21 mbam-log-2012-01-22 (03-53-21).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 442171 Laufzeit: 1 Stunde(n), 11 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4bcafa04-13992d6d (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\0.4177976024923796.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: Flow-PC [Administrator] 29.12.2011 13:19:19 mbam-log-2011-12-29 (13-19-19).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 437576 Laufzeit: 1 Stunde(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 User :: Flow-PC [Administrator] 22.01.2012 16:08:25 mbam-log-2012-01-22 (16-08-25).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 442718 Laufzeit: 1 Stunde(n), 38 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
25.01.2012, 09:34 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal Virus Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2012, 19:31 | #8 |
| Bundespolizei Paypal Virus Sorry fürs späte melden! Hab den Scan gemacht und war erschrocken, dass so viel Mist gefunden wurde... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7dadef5372c60e408e7d62a351d00e5b # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-25 06:14:09 # local_time=2012-01-25 07:14:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1032 16777214 100 87 25763556 85189714 0 0 # compatibility_mode=5893 16776574 100 94 29049932 79141510 0 0 # compatibility_mode=8192 67108863 100 0 3725 3725 0 0 # compatibility_mode=9217 16777214 75 4 6460004 6460004 0 0 # scanned=222691 # found=6 # cleaned=6 # scan_time=3589 C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\549768f-6d9e7c25 Java/Exploit.CVE-2011-3544.AC trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\295a0c2-3ad9aad8 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7477e2a3-77f9bc11 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7c0bc965-4bce4aed a variant of Java/Agent.DP trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\19cd8f72-644ed309 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\de40546-28ccc826 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C |
25.01.2012, 20:04 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal Virus Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2012, 20:36 | #10 |
| Bundespolizei Paypal Virus Hier der OTL.txt Code:
ATTFilter OTL logfile created on: 25.01.2012 20:15:50 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,11% Memory free 7,98 Gb Paging File | 6,47 Gb Available in Paging File | 81,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,04 Gb Total Space | 189,96 Gb Free Space | 77,84% Space Free | Partition Type: NTFS Drive D: | 221,62 Gb Total Space | 96,05 Gb Free Space | 43,34% Space Free | Partition Type: NTFS Computer Name: Flow-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.22 17:29:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files (x86)\Antivir Avast\AvastUI.exe PRC - [2011.11.09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2010.02.25 17:53:00 | 001,254,400 | ---- | M] (Chicony) -- C:\Program Files (x86)\Thermaltake Ttesports\Ttsystray.exe ========== Modules (No Company Name) ========== MOD - [2009.10.09 17:50:22 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Thermaltake Ttesports\WMINPUT.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011.11.28 19:15:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files (x86)\Antivir Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.11.09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.01.06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010.10.22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.04.30 12:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.15 11:24:18 | 000,058,448 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PWFilterUsb.sys -- (PorscheWheelFilterUsb) DRV:64bit: - [2010.12.08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2010.09.13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2010.09.07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2010.09.07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2010.08.19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2010.08.19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2009.11.27 22:35:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.25 14:36:30 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 17:18:52 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr7364.sys -- (Dnetr7364) DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2008.01.30 18:30:48 | 000,743,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2011.11.03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.03.09 11:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.03.09 10:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 E3 71 AF A7 6D CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "fcb.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4 FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adoobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.01.18 12:43:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010.12.28 08:17:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files (x86)\Antivir Avast\WebRep\FF [2011.11.29 09:50:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.11.12 00:47:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.30 15:15:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:47:33 | 000,000,000 | ---D | M] [2009.11.26 14:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.01.09 00:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions [2012.01.09 00:19:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.12.23 21:42:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.01 12:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\nostmp [2011.03.12 12:44:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\personas@christopher.beard [2010.06.20 18:26:28 | 000,002,361 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqe3t1dt.default\searchplugins\ecosia.xml [2011.12.30 15:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.29 09:50:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES (X86)\ANTIVIR AVAST\WEBREP\FF () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZQE3T1DT.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.25 16:01:27 | 000,441,141 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 15161 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\Antivir Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adoobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files (x86)\Antivir Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ChallengerPro] C:\Program Files (x86)\Thermaltake Ttesports\Ttsystray.exe (Chicony) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38917099-64E7-48F0-8DB4-55A6C7DAA3E5}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{209a28d3-e042-11e0-9a02-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{209a28d3-e042-11e0-9a02-90e6baca0285}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{91abed29-d9c2-11de-be60-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{91abed29-d9c2-11de-be60-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{9c6bab32-9986-11e0-8a6c-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{9c6bab32-9986-11e0-8a6c-90e6baca0285}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{f074f9b9-ea4e-11de-85c8-90e6baca0285}\Shell - "" = AutoRun O33 - MountPoints2\{f074f9b9-ea4e-11de-85c8-90e6baca0285}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files (x86)\Logitech MX518\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Lwinst Run Profiler - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SandboxieControl - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: vsmon - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: VIDC.MKVC - C:\Windows\SysWow64\KMVIDC32.DLL () Drivers32: vidc.XVID - xvidvfw.dll File not found Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.25 18:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.23 19:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.23 19:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.23 19:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.23 19:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.01.22 17:29:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.01.13 14:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adoobe Reader [2012.01.03 20:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.01.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.01.03 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.28 19:29:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy [2011.12.28 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy [29 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.25 19:47:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.25 19:47:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.25 19:40:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.25 19:39:56 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2012.01.25 16:01:27 | 000,441,141 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.01.25 16:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.01.24 21:45:28 | 000,014,302 | ---- | M] () -- C:\Users\User\Documents\2009-12-01.hrf [2012.01.24 10:12:39 | 000,434,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.23 19:33:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.22 23:37:28 | 000,268,152 | ---- | M] () -- C:\Users\User\Desktop\Joss_Stone_HagenU.jpg [2012.01.22 17:29:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.01.18 12:30:15 | 000,440,328 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120125-160127.backup [2012.01.11 13:21:09 | 000,440,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120118-123015.backup [2012.01.06 18:01:53 | 000,430,263 | ---- | M] () -- C:\Users\User\Documents\Komplet Festplatte H.m3u [2011.12.30 15:15:33 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.29 13:10:41 | 000,440,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120111-132109.backup [2011.12.28 11:12:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [29 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.23 19:33:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.22 23:37:27 | 000,268,152 | ---- | C] () -- C:\Users\User\Desktop\Joss_Stone_HagenU.jpg [2012.01.13 14:47:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.12.28 11:12:55 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.11.01 00:34:34 | 000,005,282 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.06.05 14:51:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.06.05 14:50:43 | 000,000,009 | ---- | C] () -- C:\Windows\Sierra.ini [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.26 16:28:14 | 000,108,992 | ---- | C] () -- C:\Windows\SysWow64\SH34W32.DLL [2010.09.26 16:28:13 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\IFORCE2.dll [2010.07.23 13:07:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 18:18:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2010.02.18 18:18:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2010.01.30 15:19:04 | 000,001,471 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml [2010.01.23 22:52:46 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL [2010.01.21 14:15:18 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2010.01.11 20:35:02 | 000,024,064 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.10 18:29:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.12.25 21:53:46 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2009.11.28 16:27:06 | 000,000,549 | ---- | C] () -- C:\Windows\eReg.dat [2009.11.26 15:12:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2009.11.26 14:57:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.25 14:37:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.25 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.anki [2010.12.23 12:37:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG10 [2011.06.23 19:58:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited [2011.11.12 00:47:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint [2009.11.27 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2011.11.02 11:25:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2011.08.28 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2011.04.12 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.10 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo [2011.08.23 22:44:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2011.08.15 10:40:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2009.12.08 17:30:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\med2 [2009.11.26 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2010.07.23 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SmartSoftVideoConverter [2011.06.05 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 3 [2009.11.25 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2011.11.30 19:29:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.25 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.anki [2009.12.01 07:14:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe [2010.07.23 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ahead [2011.11.22 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer [2010.12.23 12:37:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG10 [2011.06.23 19:58:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited [2011.11.12 00:47:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint [2009.11.27 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2010.01.08 16:30:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DivX [2011.11.02 11:25:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2011.04.08 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dvdcss [2011.08.28 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2011.04.12 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.10 18:28:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo [2011.08.23 22:44:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2009.11.24 18:54:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities [2011.08.15 10:40:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.08.15 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd [2011.08.15 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech [2009.11.25 09:18:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia [2011.04.02 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes [2009.12.08 17:30:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\med2 [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs [2011.12.29 13:09:04 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft [2009.11.26 14:57:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla [2010.08.27 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NVIDIA [2009.11.26 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2009.11.27 17:01:42 | 000,000,000 | RH-D | M] -- C:\Users\User\AppData\Roaming\SecuROM [2010.07.23 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SmartSoftVideoConverter [2011.06.05 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 3 [2009.11.25 14:20:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.01.13 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc [2010.01.07 23:24:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Winamp [2009.11.26 13:57:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.08.15 10:40:19 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.08.06 22:56:38 | 000,011,502 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe [2011.08.06 22:56:38 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2011.08.06 22:56:38 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2011.08.06 22:56:38 | 000,015,086 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2011.08.06 22:56:38 | 000,008,854 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.09.01 14:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zqe3t1dt.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [29 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Vielen Dank ;-) |
25.01.2012, 20:41 | #11 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal Virus Du kannst nicht einfach planlos das System mit irgendwelcher Software zuklatschen und hoffen, dass das das dann irgendwie sicher ist nur weil Softwarehersteller irgendwas versprechen Zitat:
Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat. Zitat:
Umgehend eins der beiden deinstallieren. Falls aber noch vorhanden, poste alle Logs der Scanner wenn da Funde waren.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.01.2012, 21:00 | #12 |
| Bundespolizei Paypal Virus Okay, Zonealarm habe ich deinstalliert. Ich dachten eine solche Software wäre besser als die Windows-Forewall, da man damit mehr Kontrolle über eingehende und ausgeh ende Verbindungen hat. Naja, die Windows Firewall ist aber nun wieder eingeschaltet und Zone Alarm nicht mehr vorhanden ;-) Nutzen tue ich lediglich Avast, AVG war das Antiviren Programm, welches ich vorher benutzt habe. Es ist nicht aktiv, leider kann ich es aber auch nicht löschen bzw. deinstallieren. Weder kann ich es über Systemsteuerung deinstallieren noch die Ordner manuell löschen. Versuche ich das Programm zu deinstallieren kommt folgende Meldung: Fehler des Installationsprogramms Schweregrad. Fehler Fehlercode: 0xE001D02B Fehlermeldung: Das AVG-Produkt wurde nicht installiert, die deinstallationsanfrage wurde ignoriert. Zusätzliche Nachricht: AVG-Installationsprogramm- Das Produkt wurde nicht installiert, die deinstallationsanfrage ignoriert. Kontext: Initialisierung |
26.01.2012, 10:54 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal Virus Um AVG zu deinstallieren, benötigt man manchmal einen entsprechenden Uninstaller => AVG - Download tools and utilities
__________________ Logfiles bitte immer in CODE-Tags posten |
26.01.2012, 17:07 | #14 |
| Bundespolizei Paypal Virus Super, das wäre auch erledigt. Die Reste von AVG sind auch endlich vom System verschwunden, danke! |
26.01.2012, 17:19 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Paypal Virus Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Bundespolizei Paypal Virus |
abgesicherten, anschluss, anti-malware, avast, besten, computer, diverse, ebenfalls, erwischt, euro, fehler, frage, fragen, logdateien, malwarebytes, modus, nichts, paypal, programm, scan, schnell, spybot, system, system neu, trojaner gefunden, trojaner-board, trojaner/virus, virus, windows |