Online banking blocked: suspected trojan (Windows 7)
01.02.2012, 13:26 | #1
Online banking blocked: suspected trojan

Hello, the situation is that my bank (Sparkasse) sent me a letter saying that my online banking has been blocked because of a suspected "trojaner torpig_v6". I have uploaded the letter here: hxxp://img7.imagebanana.com/img/urq1ofu0/2012020113.05.54.jpg

Can someone explain this to me? How can the Sparkasse access "such a" server, the one my login data was sent to? A friend told me that my bank details may have been cracked at a merchant and the bank found out about it, since those merchants buy or extort data, and that this does not mean my PC was infected. What do you think?

Regards
01.02.2012, 13:34 | #2
/// Malware-holic | Online banking blocked: suspected trojan

hi,
well, the banks partly work together with law enforcement; when those come across login credentials, the bank gets informed. Also, when known IPs access your account, an alarm is raised. The banks are usually right with their suspicion, so be glad that they informed you.

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
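As an added example (not from the thread and not OTL's own code), the following Python script parses the custom-scan block above and performs the check that its `/md5start ... /md5stop` section asks OTL for: it hashes the Winlogon-related binaries and compares them with a known-good baseline, so that a modified file stands out as a MISMATCH. The shortened file list, the temporary directory, the sample file contents and the baseline hashes are all constructed for the demo.

```python
"""Parse an OTL custom-scan block and run its /md5start ... /md5stop file check
against a known-good hash baseline (added example, not OTL's code; data constructed)."""
import hashlib
import os
import re
import tempfile

# Constructed excerpt of the custom-scan block from the post above, one
# directive per line; the /md5start list is shortened for the demo.
OTL_CUSTOM_SCAN = r"""
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
winlogon.exe
explorer.exe
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
"""


def parse_custom_scan(text):
    """Split the block as OTL does: names between /md5start and /md5stop are files
    to hash, a trailing /lockedfiles marks a path pattern, 'key|value /rs' is a
    registry value to read, everything else is a plain directive."""
    result = {"md5_files": [], "locked_files": [], "registry": [], "directives": []}
    in_md5 = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lowered = line.lower()
        if lowered == "/md5start":
            in_md5 = True
        elif lowered == "/md5stop":
            in_md5 = False
        elif in_md5:
            result["md5_files"].append(line)
        elif lowered.endswith("/lockedfiles"):
            result["locked_files"].append(line[: -len("/lockedfiles")].strip())
        elif line.upper().startswith("HKEY_"):
            key, _, value = re.sub(r"\s+/rs$", "", line, flags=re.I).partition("|")
            result["registry"].append((key, value))
        else:
            result["directives"].append(line)
    return result


def md5_of_file(path):
    """Streamed MD5 of a file; MD5 is what OTL reports, so the baseline uses it too."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_md5_list(names, search_dirs, baseline):
    """Locate each name in search_dirs (first hit wins), hash it and compare with
    the known-good baseline {lower-case name: md5}; returns (name, status, md5)."""
    report = []
    for name in names:
        path = next((os.path.join(d, name) for d in search_dirs
                     if os.path.isfile(os.path.join(d, name))), None)
        if path is None:
            report.append((name, "missing", None))
            continue
        digest = md5_of_file(path)
        expected = baseline.get(name.lower())
        if expected is None:
            status = "no baseline"
        elif digest == expected:
            status = "ok"
        else:
            status = "MISMATCH"  # differs from the known-good copy: inspect it
        report.append((name, status, digest))
    return report


def run_demo():
    """Constructed scenario: winlogon.exe on disk differs from its baseline (what a
    patched binary looks like) and eventlog.dll has no baseline entry at all."""
    scan = parse_custom_scan(OTL_CUSTOM_SCAN)
    good = {"userinit.exe": b"MZ original userinit", "eventlog.dll": b"MZ original eventlog",
            "winlogon.exe": b"MZ original winlogon", "explorer.exe": b"MZ original explorer"}
    on_disk = dict(good, **{"winlogon.exe": b"MZ patched winlogon"})
    baseline = {n: hashlib.md5(d).hexdigest() for n, d in good.items() if n != "eventlog.dll"}
    with tempfile.TemporaryDirectory() as sysdir:
        for name, data in on_disk.items():
            with open(os.path.join(sysdir, name), "wb") as handle:
                handle.write(data)
        return verify_md5_list(scan["md5_files"], [sysdir], baseline)
```

On a real system the baseline would come from a trusted copy of the same Windows build (OTL itself prints the MD5 values it finds), and the search directories would be the system32 and SysWOW64 folders.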
01.02.2012, 14:42 | #3
Online banking blocked: suspected trojan

thanks a lot already for your help
here are the copies: OTL.txt and the OTL Extras logfile:
O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.01 13:27:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0E435D38-FFD4-42FC-88AE-AB94B4593F01} [2012.02.01 13:27:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D5FC6017-8765-4971-83BC-4FB221C7E0AD} [2012.01.31 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{463289D4-9792-4116-AD5B-EAC7D64DA9FC} [2012.01.31 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AB5FF891-E004-41FF-8177-56668CB0DC06} [2012.01.31 10:30:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B09E342C-4849-46AD-9BB5-5E6123374AD4} [2012.01.30 14:05:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BCB921BE-6F7E-41DB-B41A-46EF0A9F535E} [2012.01.30 14:05:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D0FA2515-F844-445D-93DF-1B05CF9320F1} [2012.01.29 14:31:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7E0EC180-E6C1-4572-BDD3-1EDE1B98724A} [2012.01.29 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DDDFE4AD-D996-4384-9BED-EC334D3A216C} [2012.01.28 12:27:57 | 000,000,000 | ---D | C] -- 
C:\Users\Daniel\AppData\Local\{90B4AC65-1720-404F-8036-A2DC574EAC54} [2012.01.28 12:27:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C5C12F86-794B-44C8-94EF-D02A5148CD92} [2012.01.27 17:02:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{317E617A-B05D-4573-834A-E25E7184AD65} [2012.01.27 17:02:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{03C077B3-A0D0-4561-A300-E8C4EBA5E236} [2012.01.26 12:23:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B5984232-E60A-4425-9515-2FB42A95E0CA} [2012.01.26 12:23:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B5B8B965-038E-4A08-A63E-B0662171A32E} [2012.01.25 13:06:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5A956513-8732-4C34-B17B-354123663953} [2012.01.25 13:06:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{09541B85-809A-45CF-9101-85DF4818FE02} [2012.01.24 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{04A81AA5-C5EA-431B-BEBD-9F0881BC93A0} [2012.01.24 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7BD806E1-2FC8-4FF0-8F15-ABF4DC0CD113} [2012.01.23 13:41:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{36FF25B7-D98E-4914-A86B-9D3B1C0AF68B} [2012.01.23 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0392EAA0-FA11-410E-B00A-0D9F5D5E60B0} [2012.01.22 13:15:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2022FA00-A3C0-43FB-B68F-72F08DD60126} [2012.01.22 00:52:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{5BC70450-A2AD-4907-A9F8-04CB5FF2BBD4} [2012.01.21 12:52:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BE27C782-AA41-4665-BDF0-4C57EB4C3F32} [2012.01.21 12:51:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{F995302E-320E-4109-ACAA-675C1328B9D1} [2012.01.20 16:20:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{862B65C5-BB1A-4F8E-995C-37029BD7CAB1} [2012.01.20 16:20:23 | 
000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{6F7635DA-1C2F-4D3E-B2ED-5A0A2EE2EA37} [2012.01.19 21:14:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E01B9093-7A96-49A0-8905-80B7FBFB45C1} [2012.01.19 21:13:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9793B190-E688-451C-BD9C-09D3EEFCFCB3} [2012.01.19 09:13:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1B4B1C4C-FA43-49E2-8452-FDB44034024B} [2012.01.19 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{EAEE6723-F009-4187-8AB3-687C604C866F} [2012.01.18 11:44:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A8C50466-33C4-48BF-8E51-584BEDC253C3} [2012.01.18 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{78233483-109A-4EAB-9B81-F61E07427201} [2012.01.17 13:08:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{98AFCF4D-507B-4919-AC92-9F1FE59031D4} [2012.01.17 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{984800FC-9324-4083-B37B-91682A51E642} [2012.01.16 14:46:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{7F7D6133-0B24-4296-933D-D5D653A23CC9} [2012.01.16 14:46:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{22D4F43B-8D84-4C5E-8F01-9FC0F4EB9FF8} [2012.01.15 14:33:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{030C2044-A1D6-48FC-BDA2-6DF7E5CE3E7A} [2012.01.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8F3A3D76-0BEE-47BD-850B-03E90E44CECC} [2012.01.15 02:32:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2504584E-32A2-4800-A6B8-57876D334EB1} [2012.01.15 02:32:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BA7A9D3E-0D50-4677-ADEC-948055344D54} [2012.01.14 12:19:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4FA75877-44FE-4AB8-8AC8-7A21511EAE7F} [2012.01.14 12:18:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{9D5DD44C-43AB-4DCA-8A4F-04D0E34A8EA8} 
[2012.01.13 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E7DC3ABC-ADAE-4555-8C15-5B0A77B801E2} [2012.01.13 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{43F594A4-3FCF-4E7C-A21F-5500B1CDE30C} [2012.01.12 12:21:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C4CAEF12-E2CD-4326-A708-AE6ECE72A1B0} [2012.01.12 12:21:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{697456FC-5B8C-4A30-8696-FCAAB2AA403F} [2012.01.11 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4F3BA745-5288-4162-A3F3-5D07600C347E} [2012.01.11 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C33EDA5B-07C5-4C46-B1F6-37A486B49E79} [2012.01.11 08:41:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3F9A2A2A-8B50-4195-8F8D-EF43DE3ECAA6} [2012.01.10 18:07:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D782432B-08E4-4CCE-BF1E-99413207B0DA} [2012.01.10 18:07:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{DAFA4140-ABC6-4B31-9048-A85BBBC63D03} [2012.01.09 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{70966437-8ECD-4FD5-A7F7-5610146FDF55} [2012.01.09 15:04:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{0312B0C6-39C9-44C1-8BF9-A0AD2CC7379C} [2012.01.08 13:30:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C4C2BFFE-BA9A-432C-B029-3E1DC1686186} [2012.01.08 13:30:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{BBE41149-5ACD-4007-BE7E-8784A3DE1B98} [2012.01.08 00:35:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{147EE604-5DAE-47A7-80C1-F8C6860B047C} [2012.01.07 12:34:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B78B146B-BECC-4C49-8604-3DD1EA1FA7E9} [2012.01.07 12:34:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3EE1E8C4-FBC0-4277-A191-FC485A5E43B4} [2012.01.06 19:20:59 | 000,000,000 | ---D | C] -- 
C:\Users\Daniel\AppData\Local\{A03F1FAA-810C-4688-B983-6D31E45AEAFE} [2012.01.06 19:20:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FFAF0C8C-628C-4EC7-AAA3-42CB166132A9} [2012.01.06 02:32:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{01C3AACE-1A23-4A10-BDFE-EF450B6387EC} [2012.01.05 14:32:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{15882C31-C485-4034-BFEC-AAD3EF6B8C99} [2012.01.05 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8FA1E6B6-CA44-4944-A849-DFF435A904DA} [2012.01.05 01:59:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{E3943CC6-9CF8-476B-97E5-21AC016257A9} [2012.01.05 01:59:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2883C5C5-DD52-40F5-8313-AEB59D337771} [2012.01.04 13:58:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{FDAADC81-E50D-4B9E-9C5A-C605425BCAA4} [2012.01.04 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{C5A8AC74-F519-40E7-9595-82938989B680} [2012.01.03 21:57:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{084AEAF0-C9A8-4F27-A4A4-CB64BD6F8B55} [2012.01.03 21:56:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D047B9B1-ACD0-4909-88F0-A1514EA7CD79} [2012.01.03 09:56:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{8C6B220C-1AC8-4CEE-BC40-24237D28306B} [2012.01.03 09:55:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{1815AC2B-EC50-4A0D-BAE3-BFD67B64B437} [2012.01.02 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{187F1A34-81A8-43DA-B5B3-4A6A74B509EA} [2012.01.02 14:31:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{667D4BC6-222F-4E34-BF51-82F6774873CF} ========== Files - Modified Within 30 Days ========== [2012.02.01 13:49:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.01 13:39:11 | 000,013,936 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.01 13:39:11 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.01 13:27:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.01 08:44:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.01 08:44:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.01 08:44:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.01 08:44:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.01 08:44:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.01 08:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.01 08:38:57 | 2078,793,727 | -HS- | M] () -- C:\hiberfil.sys [2012.01.25 14:02:38 | 000,117,191 | ---- | M] () -- C:\Users\Daniel\Desktop\iiikkkk.jpg [2012.01.25 13:50:16 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.01.25 14:02:30 | 000,117,191 | ---- | C] () -- C:\Users\Daniel\Desktop\iiikkkk.jpg [2011.09.19 11:39:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.09.19 11:34:56 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.09.06 17:23:34 | 000,053,248 | R--- | C] () -- C:\Windows\SysWow64\InstMed.exe [2011.09.05 15:41:46 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI [2011.09.05 15:34:18 | 000,002,176 | ---- | C] () -- C:\Windows\_delis32.ini [2011.06.19 00:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.26 00:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.03.26 00:16:10 | 000,963,116 | ---- | C] () -- 
C:\Windows\SysWow64\igkrng600.bin [2011.03.26 00:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2011.12.24 22:37:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Amazon [2011.09.21 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Babylon [2011.08.27 23:28:54 | 000,000,000 | ---D | M] -- 
C:\Users\Daniel\AppData\Roaming\GrabIt [2012.02.01 14:20:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2011.08.29 20:54:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IrfanView [2011.09.05 18:48:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2011.11.20 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient [2011.09.19 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenCandy [2011.10.20 16:16:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin [2011.11.08 22:21:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Screaming Bee [2011.06.20 11:49:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2011.08.21 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client [2011.12.28 13:55:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.01.25 23:29:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.06.19 19:26:57 | 000,000,000 | ---D | M] -- C:\ATI [2012.02.01 13:27:36 | 000,000,000 | ---D | M] -- C:\dd [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.19 19:10:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.07.31 23:43:22 | 000,000,000 | ---D | M] -- C:\Firefox [2011.06.19 19:29:43 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.19 11:35:23 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.24 21:01:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.08 22:20:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.19 19:10:39 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.19 19:10:40 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.13 22:15:44 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.02.01 14:22:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.25 23:29:20 | 000,000,000 | R--D | M] -- C:\Users [2011.12.31 16:20:14 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] 
(Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) 
MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] 
(Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) 
MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2011.04.22 20:31:23 | 010,990,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2012.02.01 14:27:20 | 001,835,008 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2012.02.01 14:27:20 | 000,262,144 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG1 [2011.06.19 19:10:44 | 000,000,000 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG2 [2011.06.19 19:58:57 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.06.19 19:58:57 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.06.19 19:58:57 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.06.19 19:10:44 | 000,000,020 | -HS- | M] () -- C:\Users\Daniel\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Extras.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.02.2012 14:21:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Daniel\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,74% Memory free
15,83 Gb Paging File | 13,82 Gb Available in Paging File | 87,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 259,33 Gb Free Space | 55,69% Space Free | Partition Type: NTFS
Drive D: | 25,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{058AF8C6-E4DE-4D91-9879-B72860E9F615}" = MorphVOX Pro "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C165DADA-6524-4C25-9B00-EC1C5270F538}" = Linkury Smartbar "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 12.0.750.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1489-3350-5074-6281" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alt.Binz" = Alt.Binz 0.25.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AutocompletePro3_is1" = AutocompletePro "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Babylon" = Babylon "BabylonToolbar" = Babylon toolbar on IE "facemoods" = Facemoods Toolbar "Google Chrome" = Google Chrome "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "Guild Wars" = GUILD WARS "ICQToolbar" = ICQ Toolbar "IrfanView" = IrfanView (remove only) "KaloMa_is1" = KaloMa 4.92 "Logitech Vid" = Logitech Vid HD "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Origin" = Origin "PriceGong" = PriceGong 2.5.1 "QcDrv" = Logitech® Camera-Treiber "QuickPar" = QuickPar 0.9 "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.1.10 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "World of Warcraft" = World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.01.2012 07:26:53 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0x01ccddafb72cb4f1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common 
Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f9f1c18f-49a2-11e1-89f5-002522c30056 Error - 29.01.2012 09:31:16 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x9ec Startzeit der fehlerhaften Anwendung: 0x01ccde8a43ce11e6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 84952bb0-4a7d-11e1-afd2-002522c30056 Error - 30.01.2012 09:04:28 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0xc74 Startzeit der fehlerhaften Anwendung: 0x01ccdf4faca2f3b4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f081407d-4b42-11e1-89c8-002522c30056 Error - 30.01.2012 09:05:10 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Babylon.exe, Version: 9.0.3.23, Zeitstempel: 0x4e51f2eb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032a85 ID des fehlerhaften Prozesses: 0xd0c Startzeit der fehlerhaften Anwendung: 0x01ccdf4fad7df24d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe Pfad des fehlerhaften Moduls: 
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0969c59c-4b43-11e1-89c8-002522c30056 Error - 30.01.2012 13:23:24 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0xfcc Startzeit der fehlerhaften Anwendung: 0x01ccdf73df4a56c8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1cfd8119-4b67-11e1-8526-002522c30056 Error - 31.01.2012 05:29:51 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01ccdffae104b1fe Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1f7a51d2-4bee-11e1-9ce8-002522c30056 Error - 31.01.2012 09:04:07 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Babylon.exe, Version: 9.0.3.23, Zeitstempel: 0x4e51f2eb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032a85 ID des fehlerhaften Prozesses: 0xf00 Startzeit der fehlerhaften Anwendung: 0x01ccdffae10acc95 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 
0eb622b4-4c0c-11e1-9ce8-002522c30056 Error - 31.01.2012 13:06:51 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x1f94 Startzeit der fehlerhaften Anwendung: 0x01cce03ab9a9f3cc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f7730f30-4c2d-11e1-9ce8-002522c30056 Error - 31.01.2012 18:14:11 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x1fa0 Startzeit der fehlerhaften Anwendung: 0x01cce065a7c35e52 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: e6481af7-4c58-11e1-9ce8-002522c30056 Error - 01.02.2012 08:27:37 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Lqdsw.exe, Version: 7.3.0.1113, Zeitstempel: 0x3df6a424 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022262 ID des fehlerhaften Prozesses: 0x228 Startzeit der fehlerhaften Anwendung: 0x01cce0dcdf996984 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Logitech\QCDriver3\Lqdsw.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 1f56471c-4cd0-11e1-a2ad-002522c30056 [ System Events ] 
Error - 27.01.2012 04:12:53 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 27.01.2012 06:22:00 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 27.01.2012 14:24:18 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 27.01.2012 19:38:40 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 28.01.2012 18:09:06 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 29.01.2012 18:19:30 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 30.01.2012 10:47:34 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 30.01.2012 18:16:18 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 31.01.2012 04:31:54 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

Error - 31.01.2012 19:01:01 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010
Description =

< End of report > |
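The `/md5start ... /md5stop` list in the helper's OTL script, and the `< MD5 for: NAME >` blocks in the OTL.txt posted above, exist for one check: a banking Trojan that patches a core system file (userinit.exe, winlogon.exe, a boot-start storage driver) leaves a live copy under System32 / SysNative / SysWOW64 whose hash no longer matches any servicing copy in WinSxS or the update cache. Reading that by eye across a log this size is error-prone, so the script below automates it. This is an added example written for this page; it is not part of OTL, ComboFix or the thread. It assumes one OTL entry per line as OTL writes it (the forum software ran the posted lines together; the regex tolerates that too). `THREAD_SAMPLE` holds lines copied from the posted log; `CONSTRUCTED_SAMPLE` is made up to show what a hit looks like.

```python
import re
from collections import defaultdict

# Added example (not from the thread, not part of OTL): read the
# "< MD5 for: NAME >" blocks OTL writes for each file listed between
# /md5start and /md5stop, and flag live system files whose hash matches none
# of the servicing copies in WinSxS, the Windows Update download cache or the
# driver store. Format assumption: one OTL entry per line as in OTL.txt.

TOKEN_RE = re.compile(
    r"<\s*(?P<header>[^>\n]+?)\s*>"                       # any "< ... >" marker
    r"|\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<nomd5>Unable to obtain MD5)) -- "
    r"(?P<path>[A-Za-z]:\\.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s+<|\s*$)",
    re.MULTILINE,
)
# Servicing copies: component store, update download cache, driver store.
STORE_RE = re.compile(
    r"\\(winsxs|SoftwareDistribution\\Download|DriverStore\\FileRepository)\\", re.I)
# Live copies: the file Windows actually loads.
LIVE_RE = re.compile(
    r"\\Windows\\(System32|SysNative|SysWOW64)\\(drivers\\)?[^\\]+$", re.I)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every MD5 block, in log order."""
    sections = defaultdict(list)
    current = None
    for m in TOKEN_RE.finditer(text):
        header = m.group("header")
        if header is not None:
            # "< MD5 for: X >" opens a block; any other marker closes it, so the
            # /lockedfiles listings that follow in OTL.txt are not misattributed.
            is_md5 = header.upper().startswith("MD5 FOR:")
            current = header[8:].strip().upper() if is_md5 else None
            continue
        if current is None:
            continue
        sections[current].append({
            "path": m.group("path").strip(),
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "company": m.group("company"),
            "size": int(m.group("size").replace(",", "")),
        })
    return dict(sections)


def find_suspicious(text):
    """Return (filename, path, reason) for each live file that fails the check."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        store = {e["md5"] for e in entries if e["md5"] and STORE_RE.search(e["path"])}
        for e in entries:
            if STORE_RE.search(e["path"]) or not LIVE_RE.search(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "live file could not be hashed (locked or protected)"))
            elif not store:
                findings.append((name, e["path"], "no servicing copy in the log to compare against"))
            elif e["md5"] not in store:
                findings.append((name, e["path"], "live MD5 %s matches no servicing copy" % e["md5"]))
    return findings


# Lines copied from the OTL.txt posted in this thread (userinit.exe, ws2ifsl.sys).
THREAD_SAMPLE = r"""
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.22 20:31:23 | 010,990,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
"""

# Constructed, not from any real log: a patched live userinit.exe and a live
# DLL OTL could not hash. The DEADBEEF hash is a placeholder.
CONSTRUCTED_SAMPLE = r"""
< MD5 for: USERINIT.EXE >
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2012.01.27 04:12:53 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\userinit.exe
< MD5 for: IEFRAME.DLL >
[2011.04.22 20:31:23 | 010,990,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
< End of report >
"""

if __name__ == "__main__":
    for label, sample in (("thread log", THREAD_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        hits = find_suspicious(sample)
        print("%s: %d finding(s)" % (label, len(hits)))
        for name, path, reason in hits:
            print("  %-14s %s: %s" % (name, path, reason))
```

Run against the lines copied from the posted log the script reports nothing: for every file visible in the excerpt (userinit.exe, winlogon.exe, user32.dll, scecli.dll, netlogon.dll, iaStorV.sys, nvstor.sys, ws2ifsl.sys) the live copy's MD5 equals one of the WinSxS copies, which is what a clean machine looks like. Two caveats a practitioner would add: a mismatch is a lead, not proof (a hotfix installed after the last servicing operation can produce one), and "Unable to obtain MD5" on a DLL that is merely in use (ieframe.dll is loaded by Internet Explorer) is routine. Hash equality against local copies is also only a consistency check; to decide whether a flagged file is genuine, verify its Authenticode signature or compare the hash against a known-good copy from installation media rather than trusting MD5 alone.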
01.02.2012, 15:39 | #4 |
/// Malware-holic | Online banking blocked: suspected trojan 1. Were there ever any Avira detection reports? Please check under Avira > Events, or look under Avira > Reports, whether there were scans with findings, and post the respective reports. 2. Is this the only PC from which banking was done? 3. ComboFix may only be run when a team member has instructed you to! Please download Combofix.exe and be sure to save it on your desktop.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
01.02.2012, 20:19 | #5 |
| Online banking blocked: suspected trojan There were no messages or findings at all. Online banking was also done from another PC, but that one has been broken for about a week (power supply burnt out). I ran ComboFix, here is the log: ComboFix logfile: Code:
ATTFilter ComboFix 12-02-01.01 - Daniel 01.02.2012 19:08:30.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8105.6230 [GMT 1:00] ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\AutocompletePro c:\program files (x86)\AutocompletePro\AutocompletePro.dll c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx c:\program files (x86)\AutocompletePro\FireFoxExtension.exe c:\program files (x86)\AutocompletePro\InstTracker.exe c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf c:\program files (x86)\AutocompletePro\unins000.dat c:\program files (x86)\AutocompletePro\unins000.exe c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll c:\program files 
(x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico c:\windows\IsUn0407.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-01 bis 2012-02-01 )))))))))))))))))))))))))))))) . . 2012-02-01 18:11 . 2012-02-01 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-25 22:29 . 2012-01-25 22:29 -------- d-----w- c:\users\Gast . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-25 10:47 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}] 2011-06-30 12:27 50240 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-05-17 17:40 1492456 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2011-08-24 16:21 1299248 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-09-07 18:34 194848 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1492456] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408] "Steam"="c:\dd\Steam.exe" [2011-11-06 1242448] "Linkury Chrome Smartbar"="c:\users\Daniel\AppData\Local\Linkury\Application\Linkury.exe" [2011-12-08 102712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395240] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "QCDriverInstaller"="c:\progra~2\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-10 638976] "LogitechGalleryRepair"="c:\program files (x86)\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648] "LogitechImageStudioTray"="c:\program files (x86)\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-08-22 3346032] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176] R3 ALSysIO;ALSysIO;c:\users\Daniel\AppData\Local\Temp\ALSysIO64.sys [x] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:28] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 18:28] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-25 10:47 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.linkury.com mStart Page = hxxp://home.sweetim.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-ICQ - ~c:\program files (x86)\ICQ7.6\ICQ.exe Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-QcDrv - c:\program files (x86)\Common Files\Logitech\QCDRV\BIN\SETUP.EXE AddRemove-Steam App 42700 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 42710 - c:\program files (x86)\Steam\steam.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\windows\SysWOW64\LVCOMSX.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-02-01 19:18:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-02-01 18:18 . Vor Suchlauf: 11 Verzeichnis(se), 279.838.056.448 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 280.843.026.432 Bytes frei . - - End Of File - - 1D36EF27529911CCD38192786EA8CE9D |
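A way to triage the autostart section of a ComboFix report like the one posted above, as an added example that is not part of the thread and not ComboFix's own code: it parses Run values and service lines and flags entries that point to missing files or user-writable directories (the regexes are my own, written for this excerpt; the sample lines are copied from the report).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: Run values and service lines copied from the ComboFix report above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Linkury Chrome Smartbar"="c:\users\Daniel\AppData\Local\Linkury\Application\Linkury.exe" [2011-12-08 102712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QCDriverInstaller"="c:\progra~2\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-10 638976]
R3 ALSysIO;ALSysIO;c:\users\Daniel\AppData\Local\Temp\ALSysIO64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
"""

# Line shapes as ComboFix prints them (hypothetical regexes, written for this excerpt).
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]+)\]$')
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]+)\]$'
)

# Directory markers a standard user can write to; persistence from here deserves a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Autostart:
    kind: str           # "run" (registry Run value) or "service" (service/driver line)
    name: str
    path: str
    stamp: str          # "YYYY-MM-DD size", or "x" when ComboFix found no file on disk
    key: str = ""       # registry key a Run value lives under
    flags: List[str] = field(default_factory=list)


def parse_autostarts(report: str) -> List[Autostart]:
    """Pull Run values and service/driver lines out of a ComboFix report excerpt."""
    entries: List[Autostart] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m["key"]          # remember which hive/key the next values belong to
            continue
        if (m := RUN_RE.match(line)):
            entries.append(Autostart("run", m["name"], m["path"], m["stamp"], current_key))
            continue
        if (m := SVC_RE.match(line)):
            entries.append(Autostart("service", m["name"], m["path"], m["stamp"]))
    return entries


def triage(entries: List[Autostart]) -> List[Autostart]:
    """Attach review flags to each entry and return only those that got at least one."""
    for e in entries:
        e.flags = []                        # idempotent: recompute on every call
        low = e.path.lower()
        if e.stamp == "x":
            e.flags.append("file missing on disk (ComboFix printed [x])")
        if any(marker in low for marker in USER_WRITABLE):
            e.flags.append("runs from a user-writable directory")
        if "~" in low:
            e.flags.append("8.3 short path, resolve and compare with the long path")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_autostarts(SAMPLE_REPORT)):
        print(f"{e.kind:7} {e.name!r}: {e.path}")
        for f in e.flags:
            print(f"         - {f}")
```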
01.02.2012, 20:22 | #6 |
/// Malware-holic | Online banking blocked: suspected trojan We'll keep looking anyway. So the other PC could also be affected. Malwarebytes: Please download Malwarebytes
01.02.2012, 21:42 | #7 |
| Online banking blocked: suspected trojan I let it run through and no results were found; I also couldn't click on "show results" anywhere. Regards |
02.02.2012, 12:40 | #8 |
/// Malware-holic | Online banking blocked: suspected trojan Open Malwarebytes > Logs, find the report there and post it.
02.02.2012, 15:43 | #9 |
| Online banking blocked: suspected trojan Under Logs there are only these two txt documents:
2012/02/01 21:03:58 +0100 DANIEL-PC Daniel MESSAGE Starting protection
2012/02/01 21:03:59 +0100 DANIEL-PC Daniel MESSAGE Protection started successfully
2012/02/01 21:04:02 +0100 DANIEL-PC Daniel MESSAGE Starting IP protection
2012/02/01 21:04:03 +0100 DANIEL-PC Daniel MESSAGE IP Protection started successfully
2012/02/01 21:19:20 +0100 DANIEL-PC Daniel MESSAGE Executing scheduled update: Daily
2012/02/01 21:19:23 +0100 DANIEL-PC Daniel MESSAGE Starting database refresh
2012/02/01 21:19:23 +0100 DANIEL-PC Daniel MESSAGE Scheduled update executed successfully: database updated from version v2012.02.01.05 to version v2012.02.01.06
2012/02/01 21:19:23 +0100 DANIEL-PC Daniel MESSAGE Stopping IP protection
2012/02/01 21:19:44 +0100 DANIEL-PC Daniel MESSAGE IP Protection stopped
2012/02/01 21:19:45 +0100 DANIEL-PC Daniel MESSAGE Database refreshed successfully
2012/02/01 21:19:45 +0100 DANIEL-PC Daniel MESSAGE Starting IP protection
2012/02/01 21:19:46 +0100 DANIEL-PC Daniel MESSAGE IP Protection started successfully
2012/02/02 08:03:04 +0100 DANIEL-PC Gast MESSAGE Starting protection
2012/02/02 08:03:05 +0100 DANIEL-PC Gast MESSAGE Protection started successfully
2012/02/02 08:03:08 +0100 DANIEL-PC Gast MESSAGE Starting IP protection
2012/02/02 08:03:08 +0100 DANIEL-PC Gast MESSAGE IP Protection started successfully
2012/02/02 10:27:34 +0100 DANIEL-PC Gast MESSAGE Starting protection
2012/02/02 10:27:35 +0100 DANIEL-PC Gast MESSAGE Protection started successfully
2012/02/02 10:27:38 +0100 DANIEL-PC Gast MESSAGE Starting IP protection
2012/02/02 10:27:39 +0100 DANIEL-PC Gast MESSAGE IP Protection started successfully
2012/02/02 11:22:25 +0100 DANIEL-PC Gast MESSAGE Starting protection
2012/02/02 11:22:26 +0100 DANIEL-PC Gast MESSAGE Protection started successfully
2012/02/02 11:22:29 +0100 DANIEL-PC Gast MESSAGE Starting IP protection
2012/02/02 11:22:30 +0100 DANIEL-PC Gast MESSAGE IP Protection started successfully
2012/02/02 14:14:43 +0100 DANIEL-PC Gast MESSAGE Starting protection
2012/02/02 14:14:44 +0100 DANIEL-PC Gast MESSAGE Protection started successfully
2012/02/02 14:14:47 +0100 DANIEL-PC Gast MESSAGE Starting IP protection
2012/02/02 14:14:47 +0100 DANIEL-PC Gast MESSAGE IP Protection started successfully |
02.02.2012, 15:47 | #10 |
/// Malware-holic | Online banking blocked: suspected trojan Then the scan may not have completed successfully, because normally all logs are saved. To be safe, please update and run it again.
02.02.2012, 16:23 | #11 |
| Online banking blocked: suspected trojan OK, I ran it through once more, and now there is a log file too:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.01.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Gast :: DANIEL-PC [limitiert]
Schutz: Aktiviert
02.02.2012 15:44:33
mbam-log-2012-02-02 (15-44-33).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322050
Laufzeit: 36 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
02.02.2012, 16:31 | #12 |
/// Malware-holic | Online banking blocked: suspected trojan Please download MBRCheck: http://ad13.geekstogo.com/MBRCheck.exe Double-click it, let it run through, then open the MBRCheck.txt that should be on the desktop and post its contents.
02.02.2012, 16:39 | #13 |
| Online banking blocked: suspected trojan Well, the program runs through and at the end it says "done! press enter to exit", but no log file is created |
02.02.2012, 16:42 | #14 |
| Online banking blocked: suspected trojan Sorry, I overlooked the log file:
MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: ASRock BIOS Manufacturer: American Megatrends Inc. System Manufacturer: To Be Filled By O.E.M. System Product Name: To Be Filled By O.E.M. Logical Drives Mask: 0x0000000c Kernel Drivers (total 185): 0x02C60000 \SystemRoot\system32\ntoskrnl.exe 0x02C17000 \SystemRoot\system32\hal.dll 0x00B96000 \SystemRoot\system32\kdcom.dll 0x00C6C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00CB0000 \SystemRoot\system32\PSHED.dll 0x00CC4000 \SystemRoot\system32\CLFS.SYS 0x00D22000 \SystemRoot\system32\CI.dll 0x00E2A000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00ECE000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EDD000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00F34000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00F3D000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00F47000 \SystemRoot\system32\DRIVERS\pci.sys 0x00F7A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F87000 \SystemRoot\System32\drivers\partmgr.sys 0x00F9C000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00FB1000 \SystemRoot\System32\drivers\mountmgr.sys 0x00FCB000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00FD4000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00E00000 \SystemRoot\system32\DRIVERS\msahci.sys 0x00E0B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00E1B000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x010B1000 \SystemRoot\system32\drivers\fltmgr.sys 0x010FD000 \SystemRoot\system32\drivers\fileinfo.sys 0x0122A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01111000 \SystemRoot\System32\Drivers\msrpc.sys 0x013CD000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0116F000 \SystemRoot\System32\Drivers\cng.sys 0x013E7000 \SystemRoot\System32\drivers\pcw.sys 0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys 
0x014D1000 \SystemRoot\system32\drivers\ndis.sys 0x01400000 \SystemRoot\system32\drivers\NETIO.SYS 0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01601000 \SystemRoot\System32\drivers\tcpip.sys 0x01000000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0104A000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x0148B000 \SystemRoot\System32\Drivers\spldr.sys 0x01493000 \SystemRoot\System32\drivers\rdyboost.sys 0x015C3000 \SystemRoot\System32\Drivers\mup.sys 0x015D5000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01848000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01882000 \SystemRoot\system32\DRIVERS\disk.sys 0x01898000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01900000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x0192A000 \SystemRoot\System32\Drivers\Null.SYS 0x01933000 \SystemRoot\System32\Drivers\Beep.SYS 0x0193A000 \SystemRoot\System32\drivers\vga.sys 0x01948000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x0196D000 \SystemRoot\System32\drivers\watchdog.sys 0x0197D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01986000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0198F000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01998000 \SystemRoot\System32\Drivers\Msfs.SYS 0x019A3000 \SystemRoot\System32\Drivers\Npfs.SYS 0x019B4000 \SystemRoot\system32\DRIVERS\tdx.sys 0x019D2000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02CDE000 \SystemRoot\system32\drivers\afd.sys 0x02D67000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02DAC000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x02DB7000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02DC0000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02DE6000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02C00000 \SystemRoot\system32\DRIVERS\serial.sys 0x02C1D000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02C38000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C4C000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C9D000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02CA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02CB4000 \SystemRoot\System32\drivers\discache.sys 0x019DF000 
\SystemRoot\System32\Drivers\dfsc.sys 0x02CC3000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x01800000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x03E70000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03E96000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x04853000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x03EE7000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x05192000 \SystemRoot\System32\drivers\dxgmms1.sys 0x051D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x0563D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys 0x061EF000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04072000 \SystemRoot\system32\DRIVERS\Rtlh64.sys 0x040D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x040F5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x04104000 \SystemRoot\system32\DRIVERS\serenum.sys 0x04110000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x04126000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x04136000 \SystemRoot\system32\drivers\ScreamingBAudio64.sys 0x04144000 \SystemRoot\system32\drivers\portcls.sys 0x04181000 \SystemRoot\system32\drivers\drmk.sys 0x041A3000 \SystemRoot\system32\drivers\ks.sys 0x041E6000 \SystemRoot\system32\drivers\ksthunk.sys 0x04000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x04016000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x0403A000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x05600000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x04046000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x04800000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x04821000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04061000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x04070000 \SystemRoot\system32\DRIVERS\swenum.sys 0x041EC000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04409000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04463000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04478000 \SystemRoot\system32\drivers\AtihdW76.sys 0x06AD3000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x00070000 \SystemRoot\System32\win32k.sys 0x06D8B000 
Code:
\SystemRoot\System32\drivers\Dxapi.sys
0x06D97000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06DB4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06DC2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06DCE000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x06DD9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06DEC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x06A00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06A0E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06A27000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06A30000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06A32000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x06A3F000 \SystemRoot\system32\drivers\luafv.sys
0x06A62000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x06A81000 \SystemRoot\system32\drivers\WudfPf.sys
0x06AA2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06AB7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04499000 \SystemRoot\system32\drivers\HTTP.sys
0x04561000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0457F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04597000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06EBA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06F08000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06F2B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x06F7A000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x06F83000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x06E00000 \SystemRoot\system32\drivers\peauth.sys
0x06EA6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F90000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06FBD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0746D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x074D4000 \SystemRoot\System32\DRIVERS\srv.sys
0x07569000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x07573000 \SystemRoot\system32\drivers\spsys.sys
0x075E4000 \??\C:\Windows\system32\drivers\mbam.sys
0x00790000 \SystemRoot\System32\cdd.dll
0x777B0000 \Windows\System32\ntdll.dll
0x47E90000 \Windows\System32\smss.exe
0xFFAD0000 \Windows\System32\apisetschema.dll
0xFF290000 \Windows\System32\autochk.exe
0xFFA20000 \Windows\System32\comdlg32.dll
0xFF9B0000 \Windows\System32\gdi32.dll
0xFF880000 \Windows\System32\rpcrt4.dll
0xFF860000 \Windows\System32\imagehlp.dll
0xFF7E0000 \Windows\System32\difxapi.dll
0xFEA50000 \Windows\System32\shell32.dll
0xFEA40000 \Windows\System32\nsi.dll
0xFE9F0000 \Windows\System32\ws2_32.dll
0xFE920000 \Windows\System32\usp10.dll
0x77980000 \Windows\System32\normaliz.dll
0xFE8D0000 \Windows\System32\Wldap32.dll
0xFE830000 \Windows\System32\msvcrt.dll
0xFE5D0000 \Windows\System32\iertutil.dll
0xFE450000 \Windows\System32\urlmon.dll
0xFE420000 \Windows\System32\imm32.dll
0xFE2F0000 \Windows\System32\wininet.dll
0xFE1E0000 \Windows\System32\msctf.dll
0xFE100000 \Windows\System32\oleaut32.dll
0x776B0000 \Windows\System32\user32.dll
0xFE0E0000 \Windows\System32\sechost.dll
0x77970000 \Windows\System32\psapi.dll
0xFDF00000 \Windows\System32\setupapi.dll
0xFDCF0000 \Windows\System32\ole32.dll
0xFDC10000 \Windows\System32\advapi32.dll
0xFDB70000 \Windows\System32\clbcatq.dll
0xFDAF0000 \Windows\System32\shlwapi.dll
0xFDAE0000 \Windows\System32\lpk.dll
0x77590000 \Windows\System32\kernel32.dll
0xFDAA0000 \Windows\System32\wintrust.dll
0xFD930000 \Windows\System32\crypt32.dll
0xFD910000 \Windows\System32\devobj.dll
0xFD8D0000 \Windows\System32\cfgmgr32.dll
0xFD830000 \Windows\System32\comctl32.dll
0xFD7C0000 \Windows\System32\KernelBase.dll
0xFD7B0000 \Windows\System32\msasn1.dll
0x764A0000 \Windows\SysWOW64\normaliz.dll

Processes (total 75):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
428 csrss.exe
544 C:\Windows\System32\wininit.exe
576 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\atiesrxx.exe
920 C:\Windows\System32\winlogon.exe
960 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
292 C:\Windows\System32\svchost.exe
668 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\atieclxx.exe
1208 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\spoolsv.exe
1388 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1416 C:\Windows\System32\svchost.exe
1560 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1584 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1628 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
1680 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1744 LVPrS64H.exe
1836 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1948 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1956 C:\Windows\System32\conhost.exe
1976 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2372 C:\Windows\System32\taskhost.exe
2632 C:\Windows\System32\sppsvc.exe
2832 C:\Windows\System32\svchost.exe
2948 C:\Windows\System32\dwm.exe
2976 C:\Windows\explorer.exe
2460 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1056 C:\Windows\System32\igfxpers.exe
2260 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
2300 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2968 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2128 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2112 C:\Program Files (x86)\Ask.com\Updater\Updater.exe
2108 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
2360 C:\Windows\SysWOW64\LVCOMSX.EXE
2508 C:\Program Files (x86)\Logitech\ImageStudio\LogiTray.exe
2528 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1132 C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
2908 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3196 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3264 COCIManager.exe
3600 C:\Windows\System32\SearchIndexer.exe
3996 BabylonHelper64.exe
3876 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2432 C:\Windows\System32\svchost.exe
1736 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1596 C:\Program Files (x86)\Skype\Phone\Skype.exe
1404 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3660 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4068 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3388 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2036 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1368 C:\Windows\SysWOW64\rundll32.exe
1452 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1740 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
496 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
5140 C:\Windows\System32\notepad.exe
5836 C:\Windows\System32\mspaint.exe
5692 C:\Windows\SysWOW64\notepad.exe
1064 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5508 C:\Windows\System32\SearchProtocolHost.exe
1912 C:\Windows\System32\SearchFilterHost.exe
5520 C:\Windows\System32\audiodg.exe
4688 C:\Users\Gast\Downloads\MBRCheck.exe
3204 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3500413AS, Rev: JC45

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done! |
02.02.2012, 16:45 | #15 |
/// Malware-holic | Online banking blocked: suspected Trojan. The PC looks OK so far. Download CCleaner Standard: http://filepony.de/download-ccleaner/ If CCleaner is already installed, skip this step. Install it, open it, go to Tools, List of installed programs, and save it as a txt file. Open the file. Next to every program you need, write "needed"; next to every program you do not need, "unneeded"; next to every program you do not recognise, "unknown". Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |