Log analysis and evaluation: /Users/Standardbenutzer/AppData/Local/Temp/kes309523.exe <<< Is the Trojan horse TR/Reveton.A.165 (Windows 7)
#1
/Users/Standardbenutzer/AppData/Local/Temp/kes309523.exe <<< Is the Trojan horse TR/Reveton.A.165

-) A few days ago my father asked me for help with his notebook. When closing Firefox I noticed that a full-screen notice "Your computer has been locked because of a download ... -- It will be unlocked again after you transfer 100.- via PaySafe" was being displayed.
-) Since I was connected to the computer via TeamViewer, I tried to open the Task Manager to see the running processes, but that failed.
-) Two days ago I picked up the Win7 machine, already suspecting that malware or a virus might have settled in despite AVAST.
-) Starting it up without Internet access launched IE (which was never used; only Firefox was) with the error message that the page hxxp://police13.true-about-abs.com/?958fdf3ea6b16cfdf2dab09be008bd13 could not be opened.
-) One of the recent c't issues came with a Desinfect CD; a cold boot of the machine from it followed by a scan with three scanners gave the following results:
Code:
Avira.Log:
/media/WINDOWS/Users/Standardbenutzer/AppData/Local/Temp/kes309523.exe
  Date: 18.04.2012  Time: 15:51:41  Size: 216672
  ALERT: [TR/Reveton.A.165] /media/WINDOWS/Users/Standardbenutzer/AppData/Local/Temp/kes309523.exe <<< Is the Trojan horse TR/Reveton.A.165

Bitdefender.log:
/media/WINDOWS/Users/Standardbenutzer/AppData/Local/Temp/kes309523.exe  infected: Trojan.Generic.KD.603320

Clamav.log:
/media/WINDOWS/Windows/SysWOW64/DevicePairingWizard.exe: Trojan.TDSS-8065 FOUND
/media/WINDOWS/Windows/SysWOW64/LocationNotifications.exe: Trojan.TDSS-8047 FOUND
/media/WINDOWS/Windows/winsxs/x86_microsoft-windows-devicepairingapp_31bf3856ad364e35_6.1.7600.16385_none_6f74b7d163601da2/DevicePairingWizard.exe: Trojan.TDSS-8065 FOUND
/media/WINDOWS/Windows/winsxs/x86_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_175ab6276b721d6a/LocationNotifications.exe: Trojan.TDSS-8047 FOUND

-) To be on the safe side I studied a few threads on the Trojaner-Board and also looked at the sample screenshots on hxxp://bka-trojaner.de --> the screen matched one of the warning notices; the amount demanded was 100€, and it was tailored to Austrian authority names.
-) Unfortunately, a restart of the machine did not produce an error message from IE about a page that could not be opened; instead it behaved completely normally and nothing popped up.
-) Since the Trojaner-Board always stresses a scan in safe mode, I restarted the computer several times and pressed the F8 key, but to no avail; Windows always started normally.
-) So today I followed the instructions for this kind of infection, burned a CD with OTLPENET, booted the machine from it and ran a scan. The OTL.Txt file is here:
Code:
OTL logfile created on: 4/22/2012 3:48:09 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 108.90 Gb Free Space | 73.07% Space Free | Partition Type: NTFS
Drive E: | 148.65 Gb Total Space | 140.98 Gb Free Space | 94.84% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/24 11:39:45 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/28 06:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 11:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 08:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 08:38:09 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/27 17:56:42 | 002,480,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/03/01 15:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 04:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/11 07:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/27 11:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/04/12 04:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/11/12 00:25:16 | 000,894,152 | ---- | M] (Acronis) [Auto] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/27 17:56:43 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/09/27 17:56:41 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2011/09/27 17:56:37 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/27 17:56:23 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 00:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 20:01:46 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/13 19:54:20 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/06/18 10:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/03/22 04:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/03/02 08:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/03/02 08:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/03/02 08:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/02/22 04:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/02/20 18:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/07 03:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 13:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 09:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\Standardbenutzer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\Standardbenutzer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Standardbenutzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\Standardbenutzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_228.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/28 09:11:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/26 10:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/12 02:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/01/17 12:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xzm6xn47.default\extensions
[2012/01/26 10:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/03/28 09:11:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XZM6XN47.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XZM6XN47.DEFAULT\EXTENSIONS\{7F57CF46-4467-4C2D-ADFA-0CBA7C507E54}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XZM6XN47.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XZM6XN47.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XZM6XN47.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/01/26 10:51:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/26 10:51:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/26 10:51:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/26 10:51:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/26 10:51:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/26 10:51:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/26 10:51:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\Admin_ON_C..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Admin_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\Admin_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\Administrator_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswaswOtl.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswaswOtl64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O4 - Startup: C:\Users\Standardbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <???>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <???>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <???>)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 195.3.96.68
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e2166154-d001-11e0-ac35-b870f45fd82c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2166154-d001-11e0-ac35-b870f45fd82c}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 13:33:20 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/04/13 13:33:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/13 13:33:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/13 13:33:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/13 13:33:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/13 13:33:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/13 13:33:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/13 13:33:16 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/04/13 13:33:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/13 13:33:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/13 13:33:14 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/13 13:33:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/13 13:32:58 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/13 13:32:56 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 13:32:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 13:28:55 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2012/04/13 13:28:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2012/04/13 13:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2012/04/13 13:28:52 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2012/04/13 13:28:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012/03/30 08:38:09 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 08:38:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/03/28 09:11:42 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 19:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 19:14:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 19:03:54 | 000,025,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 19:03:54 | 000,025,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:56:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 18:54:15 | 1504,346,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 20:51:01 | 000,001,108 | ----
| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/20 20:46:15 | 002,474,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/04/20 20:46:15 | 001,197,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/20 20:46:15 | 000,717,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/04/20 20:46:15 | 000,633,364 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/03/30 08:38:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/03/30 08:38:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/03/28 09:11:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/30 08:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011/09/25 14:16:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/09/25 13:39:22 | 000,006,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/09/25 13:30:56 | 000,000,146 | ---- | C] () -- C:\Windows\UEDIT32.INI [2011/09/14 14:35:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/13 20:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll [2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2010/04/20 10:31:43 | 000,936,832 | ---- | C] () -- C:\Windows\SysWow64\M2ElevatedCalls.dll [2010/02/20 18:22:26 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/02/20 18:22:26 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/02/20 18:22:26 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/02/20 17:27:38 | 000,208,896 | ---- | C] 
() -- C:\Windows\SysWow64\iglhsip32.dll [2010/02/20 17:27:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/27 22:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll ========== LOP Check ========== [2011/09/27 18:01:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis [2012/01/17 11:40:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Foxit Software [2011/09/25 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager [2011/09/26 11:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\go [2011/08/21 08:23:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient [2011/09/25 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2011/08/12 07:22:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Toshiba [2011/08/12 06:52:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TOSHIBA Online Product Information [2011/09/25 13:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2011/09/24 10:21:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch [2011/09/26 13:03:41 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\Toshiba [2011/09/26 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\LolClient [2011/09/24 10:08:16 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Toshiba [2011/09/24 11:37:50 | 000,000,000 | ---D | M] -- C:\ProgramData\!SASCORE [2011/09/27 17:59:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis [2011/08/11 16:46:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2011/08/12 03:09:08 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/08/11 16:46:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011/09/26 12:38:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO [2011/08/11 16:46:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/08/12 10:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\FreeDownloadManager.ORG [2011/09/24 09:54:05 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage [2011/08/26 14:59:27 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at [2011/08/25 14:31:21 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/08/11 16:46:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/05/13 20:10:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2011/09/24 09:54:05 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA Tempro [2011/08/11 16:46:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2011/05/13 19:54:33 | 000,000,000 | ---D | M] -- C:\ProgramData\vista32 [2011/05/13 19:54:33 | 000,000,000 | ---D | M] -- 
C:\ProgramData\vista64 [2011/08/11 16:46:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011/09/25 16:01:41 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent [2011/05/13 19:57:44 | 000,000,000 | ---D | M] -- C:\ProgramData\win7_32 [2011/05/13 19:57:44 | 000,000,000 | ---D | M] -- C:\ProgramData\win7_64 [2011/05/13 19:54:33 | 000,000,000 | ---D | M] -- C:\ProgramData\xp [2011/08/26 14:58:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\{92809A0D-A823-4253-90B2-7D5F59F20E10} [2012/02/13 13:12:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |