
Pests of all kinds and how to fight them: Strong suspicion of virus/Trojan


30.04.2012, 12:13   #1
Krystalic
 
Strong suspicion of virus/Trojan



Hello!
I noticed that my PC has become noticeably slower over the last few days. Also, my antivirus (Avast) found a Trojan about 2 weeks ago, but it was deleted, so I thought everything was fine again.

Well, I have now run the 3 programs as described in the instructions and attached the log files. I hope you can help me!

Best regards

Hmm, did I do something wrong? I don't want to be a pest, but I think my thread is slowly sinking

Edited by Da GuRu (30.04.2012 at 18:06) Reason: Strong suspicion of virus/Trojan

30.04.2012, 19:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Strong suspicion of virus/Trojan



Quote:
Also, my antivirus (Avast) found a Trojan about 2 weeks ago,
Nice, and where is the log for that?

Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And then it looks like this:

Code:
 the log goes here

30.04.2012, 19:55   #3
Krystalic
 
Strong suspicion of virus/Trojan



Avast Reports:

Code:
C:\Users\****\AppData\Local\Temp\cgs8h0.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h1.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h2.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h3.exe Bedrohung: Win32:Rootkit-gen [Rtk]
         
defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:21 on 30/04/2012 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
DDS:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by **** at 12:22:49 on 2012-04-30
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3583.2406 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [PlayNC Launcher] 
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\****\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\****\appdata\roaming\mozilla\firefox\profiles\wxoysspe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.http - 70.89.2.57
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\****\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-18 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-16 218688]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2010-8-10 11392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-18 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-18 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-25 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-1 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-6 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-6 264192]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-10-27 1559552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-1-7 95304]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2011-7-8 376832]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 583680]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2012-03-24 22:43:28	314880	----a-w-	c:\windows\system32\fmodex.dll
2012-03-06 23:15:19	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:03:51	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14	44376	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 05:59:41	3958128	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59:41	3902320	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-01 05:53:27	19312	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:45:05	158720	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18:55	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57	826368	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43	177152	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18	24064	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38	1074176	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:41:20	218624	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20	1170944	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19	739840	----a-w-	c:\windows\system32\d2d1.dll
2012-02-03 04:01:58	2341376	----a-w-	c:\windows\system32\win32k.sys
.
============= FINISH: 12:23:15,06 ===============
         

Attach:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 01.06.2011 19:12:03
System Uptime: 30.04.2012 11:58:03 (1 hours ago)
.
Motherboard: ASRock |  | N68-S3 UCC
Processor: AMD Phenom(tm) II X6 1055T Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 395,408 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 17.04.2012 23:12:30 - Windows Update
RP188: 21.04.2012 03:32:02 - Windows Update
RP189: 24.04.2012 17:53:41 - Windows Update
RP190: 27.04.2012 20:02:31 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Deutsch
Aion
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
Audiosurf
avast! Free Antivirus
Battlefield Play4Free
Belkin Connect Wireless USB Adapter
Bully Scholarship Edition
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUCooL (remove only)
Curse Client
D3DX10
DAEMON Tools Lite
Diablo III Beta
DIE SIEDLER - Das Erbe der Könige
EVE Online (remove only)
Fallout New Vegas
FL Studio 10
FL Studio 9
Forsaken World 
Fraps (remove only)
Free YouTube to MP3 Converter version 3.10.5.722
Garena 2010
GIMP 2.6.11
Global Agenda
GUILD WARS
Half-Life 2
Half-Life 2: Episode One
Hardcore
Hydra VSTi/DXi v1.2
IL Download Manager
ILLUSION RapeLay
iZotope Ozone 4
JA Launcher
Java Auto Updater
Java(TM) 6 Update 30
JDownloader 0.9
League of Legends
LogMeIn Hamachi
LOLReplay
Malwarebytes Anti-Malware Version 1.60.1.1000
Mass Effect 2 German
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
MotioninJoy ds3 driver version 0.6.0005
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MTA:SA v1.0.5
NCsoft Launcher
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Drivers
NVIDIA PhysX
Ohm Force - Ohmicide VST
Orcs Must Die!
Pando Media Booster
Platform
PoiZone
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
reFX Nexus VSTi RTAS v2.2.0
Sandboxie 3.62 (32-bit)
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sonic Charge µTonic VSTi v2.0.1
Spiral Knights
Supreme Commander
Supreme Commander 2
Supreme Commander: Forged Alliance
Sylenth1 v2.20
TeamSpeak 3 Client
TeamViewer 6
Terraria
thriXXX 3DSexVilla2-114.001
TmNationsForever
Toxic Biohazard
TP-LINK Drahtlos Tool
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VIA Plattform-Geräte-Manager
VirtualDJ Home FREE
Vista Anti-Lag 1.1.1
VLC media player 1.1.10
Waves Diamond Bundle v5.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
World of Warcraft
X-Universe Plugin Manager V1.30 by Cycrow
X3 Terran Conflict v3.1
.
==== End Of File ===========================
         
GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-30 13:09:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000069 SAMSUNG_ rev.1AJ1
Running: v7pnp6d1.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwAddBootEntry [0x9203CDF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwAllocateVirtualMemory [0x92384A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwAssignProcessToJobObject [0x9203D85E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateEvent [0x920422E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateEventPair [0x92042330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateIoCompletion [0x92042422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateMutant [0x92042252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateSection [0x92042374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateSemaphore [0x9204229A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateTimer [0x920423DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwDeleteBootEntry [0x9203CE44]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwFreeVirtualMemory [0x92384B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwLoadDriver [0x9203CAD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwModifyBootEntry [0x9203CE90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwNotifyChangeKey [0x9203FD1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwNotifyChangeMultipleKeys [0x9203DB02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenEvent [0x9204230E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenEventPair [0x92042352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenIoCompletion [0x92042446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenMutant [0x92042278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenSection [0x920423AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenSemaphore [0x920422C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenTimer [0x92042400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwProtectVirtualMemory [0x92384CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwQueryObject [0x9203D9CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetBootEntryOrder [0x9203CEDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetBootOptions [0x9203CF28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetSystemInformation [0x9203CB46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetSystemPowerState [0x9203CCEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwShutdownSystem [0x9203CC92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSystemDebugControl [0x9203CD5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwTerminateProcess [0x92384D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwVdmControl [0x9203CF74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwWriteVirtualMemory [0x92384BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwCreateProcessEx [0x9239AD92]
Code            9A668BFC                                                                                                              ZwTraceEvent
Code            9A668BFB                                                                                                              NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                                             82E71E24 5 Bytes  JMP 9A668C00 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                       82E825C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                82EA7092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 244                                                                                   82EAE884 4 Bytes  [F8, CD, 03, 92] {CLC ; INT 0x3; XCHG EDX, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 26C                                                                                   82EAE8AC 4 Bytes  [5A, 4A, 38, 92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2CC                                                                                   82EAE90C 2 Bytes  [5E, D8]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2CF                                                                                   82EAE90F 1 Byte  [92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 320                                                                                   82EAE960 8 Bytes  [E4, 22, 04, 92, 30, 23, 04, ...] {IN AL, 0x22; ADD AL, 0x92; XOR [EBX], AH; ADD AL, 0x92}
.text           ...                                                                                                                   
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                    830483BE 5 Bytes  JMP 92397C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                      830620CD 5 Bytes  JMP 92399764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                           830AC75A 4 Bytes  CALL 9203E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                            830B474B 5 Bytes  JMP 9A668DE0 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                          830B486B 4 Bytes  CALL 9203E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                               830B6173 5 Bytes  JMP 9A668D40 
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                                        830CA3D9 5 Bytes  JMP 9A668CA0 
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                        8311A4FE 7 Bytes  JMP 9239AD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                              section is writeable [0x9623A000, 0x3C12C5, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0x95DB5300, 0x1BCE, 0xE8000020]
?               C:\Users\****\AppData\Local\Temp\mbr.sys                                                                              Das System kann die angegebene Datei nicht finden. !
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                      769278FC 1 Byte  [62]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\csrss.exe[520] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrUnloadDll                  77ADBD1F 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrLoadDll                    77ADF425 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] kernel32.dll!GetBinaryTypeW + 70        769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWindowsHookEx          767CCC7B 5 Bytes  JMP 000D0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWinEvent               767CD924 5 Bytes  JMP 000D03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExW            767D210A 5 Bytes  JMP 000D0804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWinEventHook              767D507E 5 Bytes  JMP 000D01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExA            767F6DFA 5 Bytes  JMP 000D0600 
.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrUnloadDll                                                             77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrLoadDll                                                               77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWindowsHookEx                                                     767CCC7B 5 Bytes  JMP 001D0A08 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWinEvent                                                          767CD924 5 Bytes  JMP 001D03FC 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExW                                                       767D210A 5 Bytes  JMP 001D0804 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWinEventHook                                                         767D507E 5 Bytes  JMP 001D01F8 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExA                                                       767F6DFA 5 Bytes  JMP 001D0600 
.text           C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrUnloadDll                                                               77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrLoadDll                                                                 77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsm.exe[588] kernel32.dll!GetBinaryTypeW + 70                                                     769278FC 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atiesrxx.exe[916] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 002F0A08 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002F03FC 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 002F0804 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002F01F8 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 002F0600 
.text           C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000A03FC 
.text           C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000A01F8 
.text           C:\Windows\system32\AUDIODG.EXE[940] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 00140600 
.text           C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 002B0A08 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 002B03FC 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 002B0804 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 002B01F8 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 002B0600 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00940A08 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 009403FC 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00940804 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 009401F8 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00940600 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00AF0A08 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 00AF03FC 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00AF0804 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 00AF01F8 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00AF0600 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrUnloadDll                                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrLoadDll                                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] kernel32.dll!GetBinaryTypeW + 70                                          769278FC 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWindowsHookEx                                            767CCC7B 5 Bytes  JMP 00110A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWinEvent                                                 767CD924 5 Bytes  JMP 001103FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExW                                              767D210A 5 Bytes  JMP 00110804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWinEventHook                                                767D507E 5 Bytes  JMP 001101F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExA                                              767F6DFA 5 Bytes  JMP 00110600 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00570A08 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 005703FC 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00570804 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 005701F8 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00570600 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll                                                   77ADBD1F 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll                                                     77ADF425 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70                                         769278FC 1 Byte  [62]
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx                                           767CCC7B 5 Bytes  JMP 00230A08 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent                                                767CD924 5 Bytes  JMP 002303FC 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW                                             767D210A 5 Bytes  JMP 00230804 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook                                               767D507E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA                                             767F6DFA 5 Bytes  JMP 00230600 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atieclxx.exe[1432] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter                     769130E2 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70                             769278FC 1 Byte  [62]
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrUnloadDll                              77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrLoadDll                                77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] kernel32.dll!GetBinaryTypeW + 70                    769278FC 1 Byte  [62]
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWindowsHookEx                      767CCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWinEvent                           767CD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExW                        767D210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWinEventHook                          767D507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExA                        767F6DFA 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00090A08 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 000903FC 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW                                                    767D210A 3 Bytes  JMP 00090804 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW + 4                                                767D210E 1 Byte  [89]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook                                                      767D507E 3 Bytes  JMP 000901F8 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook + 4                                                  767D5082 1 Byte  [89]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00210A08 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002103FC 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00210804 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002101F8 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00210600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrUnloadDll                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrLoadDll                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] kernel32.dll!GetBinaryTypeW + 70                769278FC 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWindowsHookEx                  767CCC7B 5 Bytes  JMP 00090A08 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWinEvent                       767CD924 5 Bytes  JMP 000903FC 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW                    767D210A 3 Bytes  JMP 00090804 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW + 4                767D210E 1 Byte  [89]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook                      767D507E 3 Bytes  JMP 000901F8 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook + 4                  767D5082 1 Byte  [89]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExA                    767F6DFA 5 Bytes  JMP 00090600 
.text           C:\Users\****\Desktop\v7pnp6d1.exe[1876] kernel32.dll!GetBinaryTypeW + 70                                             769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrUnloadDll                  77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrLoadDll                    77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] kernel32.dll!GetBinaryTypeW + 70        769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWindowsHookEx          767CCC7B 5 Bytes  JMP 000A0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWinEvent               767CD924 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExW            767D210A 5 Bytes  JMP 000A0804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWinEventHook              767D507E 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExA            767F6DFA 5 Bytes  JMP 000A0600 
.text           C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1916] KERNEL32.dll!GetBinaryTypeW + 70          769278FC 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrUnloadDll                                           77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrLoadDll                                             77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] kernel32.dll!GetBinaryTypeW + 70                                 769278FC 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWindowsHookEx                                   767CCC7B 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWinEvent                                        767CD924 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExW                                     767D210A 5 Bytes  JMP 002F0804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWinEventHook                                       767D507E 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExA                                     767F6DFA 5 Bytes  JMP 002F0600 
.text           C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\wuauclt.exe[1960] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\PnkBstrA.exe[2012] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll                                               77ADF425 5 Bytes  JMP 58259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MapViewOfFile                                         7690C05C 5 Bytes  JMP 5848E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!VirtualAlloc                                          76910594 5 Bytes  JMP 5848E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetBinaryTypeW + 70                                   769278FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] GDI32.dll!CreateDIBSection                                         76CC85F0 5 Bytes  JMP 5848E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[2320] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00210A08 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002103FC 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00210804 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002101F8 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00210600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrUnloadDll                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrLoadDll                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] kernel32.dll!GetBinaryTypeW + 70                          769278FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWindowsHookEx                            767CCC7B 5 Bytes  JMP 001C0A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWinEvent                                 767CD924 5 Bytes  JMP 001C03FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExW                              767D210A 5 Bytes  JMP 001C0804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWinEventHook                                767D507E 5 Bytes  JMP 001C01F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!GetWindowInfo                                  767D6A82 5 Bytes  JMP 583CFE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!TrackPopupMenu                                 767F4B3B 5 Bytes  JMP 583D03C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExA                              767F6DFA 5 Bytes  JMP 001C0600 
.text           C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[2512] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 000E0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2560] KERNEL32.dll!GetBinaryTypeW + 70                  769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00170A08 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00170804 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00170600 
.text           C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrUnloadDll                                                              77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrLoadDll                                                                77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Dwm.exe[2876] kernel32.dll!GetBinaryTypeW + 70                                                    769278FC 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWindowsHookEx                                                      767CCC7B 5 Bytes  JMP 000F0A08 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWinEvent                                                           767CD924 5 Bytes  JMP 000F03FC 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExW                                                        767D210A 5 Bytes  JMP 000F0804 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWinEventHook                                                          767D507E 5 Bytes  JMP 000F01F8 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExA                                                        767F6DFA 5 Bytes  JMP 000F0600 
.text           C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrUnloadDll                                                                  77ADBD1F 5 Bytes  JMP 002F03FC 
.text           C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrLoadDll                                                                    77ADF425 5 Bytes  JMP 002F01F8 
.text           C:\Windows\Explorer.EXE[3000] kernel32.dll!GetBinaryTypeW + 70                                                        769278FC 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWindowsHookEx                                                          767CCC7B 5 Bytes  JMP 003A0A08 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWinEvent                                                               767CD924 5 Bytes  JMP 003A03FC 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExW                                                            767D210A 5 Bytes  JMP 003A0804 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWinEventHook                                                              767D507E 5 Bytes  JMP 003A01F8 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExA                                                            767F6DFA 5 Bytes  JMP 003A0600 
.text           C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[3112] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 00080600 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrUnloadDll                                            77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrLoadDll                                              77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] kernel32.dll!GetBinaryTypeW + 70                                  769278FC 1 Byte  [62]
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWindowsHookEx                                    767CCC7B 5 Bytes  JMP 00360A08 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWinEvent                                         767CD924 5 Bytes  JMP 003603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExW                                      767D210A 5 Bytes  JMP 00360804 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWinEventHook                                        767D507E 5 Bytes  JMP 003601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExA                                      767F6DFA 5 Bytes  JMP 00360600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3432] kernel32.dll!GetBinaryTypeW + 70                              769278FC 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrUnloadDll                                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrLoadDll                                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchIndexer.exe[3584] kernel32.dll!GetBinaryTypeW + 70                                          769278FC 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWindowsHookEx                                            767CCC7B 5 Bytes  JMP 00150A08 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWinEvent                                                 767CD924 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExW                                              767D210A 5 Bytes  JMP 00150804 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWinEventHook                                                767D507E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExA                                              767F6DFA 5 Bytes  JMP 00150600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70                  769278FC 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                aswSP.SYS (avast! self protection module/AVAST Software)
Device          \Driver\ACPI_HAL \Device\00000051                                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File            C:\avast! sandbox                                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77c91-92aa-11e1-9930-0025229459ae}  0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77cab-92aa-11e1-9930-0025229459ae}  0 bytes
File            C:\avast! sandbox\snx_rhive                                                                                           262144 bytes
File            C:\avast! sandbox\snx_rhive.LOG1                                                                                      5120 bytes
File            C:\avast! sandbox\snx_rhive.LOG2                                                                                      0 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TM.blf                                              65536 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000001.regtrans-ms         524288 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000002.regtrans-ms         524288 bytes
         
__________________

Alt 01.05.2012, 14:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It is done like this:

[code] here goes the log [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 here goes the log
         
__________________
Please always post logfiles in CODE tags

Alt 01.05.2012, 19:45   #5
Krystalic
 

Hi, sorry for replying only now, the scans took forever

Here are the results:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1494124cc92bd548aa1ba7646097929e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 06:39:14
# local_time=2012-05-01 08:39:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776573 100 94 1365 88326770 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=195866
# found=5
# cleaned=0
# scan_time=5927
C:\ProgramData\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Sandbox\****\DefaultBox\drive\C\Windows\system32\install\WindowsUpdater.exe	probably a variant of Win32/TrojanDropper.VB.GADMGGH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Temp\jar_cache3327211295830174052.tmp	Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Temp\Main.class	a variant of Java/TrojanDownloader.Agent.NEC trojan (unable to clean)	00000000000000000000000000000000	I
         
Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]

01.05.2012 17:40:42
mbam-log-2012-05-01 (17-40-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355621
Laufzeit: 1 Stunde(n), 13 Minute(n), 52 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And one more thing, here in the DDS log:
Code:
ATTFilter
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
         
I don't know a great deal about this, but is that normal?

Regards!
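As an added example (not part of the original post or of the DDS tool), the check a defender would run on the DhcpNameServer lines quoted above: parse each `TCP: ... DhcpNameServer =` entry and flag any resolver that is not a private address, since a home-router address such as 192.168.2.1 is the expected value and a public resolver handed out by DHCP on a home LAN would deserve a closer look. The sample input is constructed from a subset of the lines in the post.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the "TCP: ... DhcpNameServer" lines from the
# DDS log posted above (interface GUIDs and addresses copied from the post).
DDS_LINES = """\
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
"""

# Matches both the global line ("TCP: DhcpNameServer = ...") and the per-interface
# lines ("TCP: Interfaces\{GUID}[\subkey] : DhcpNameServer = ..."). The scope group
# is empty for the global entry. Several servers may be listed separated by spaces.
LINE_RE = re.compile(
    r"^TCP:\s*(?P<scope>.*?)\s*:?\s*DhcpNameServer\s*=\s*(?P<servers>.+)$"
)


def parse_dhcp_name_servers(text: str) -> List[Tuple[str, str]]:
    """Return (scope, server) pairs for every DhcpNameServer line in the text."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # not a DhcpNameServer line; DDS logs contain many other lines
        scope = match.group("scope")
        for server in match.group("servers").split():
            entries.append((scope, server))
    return entries


def classify_resolver(addr: str) -> str:
    """Classify a resolver address.

    'private': RFC 1918 / link-local / loopback, i.e. what a home router hands out.
    'public':  a routable address; worth reviewing on a home LAN that did not
               deliberately configure a public resolver.
    'invalid': the value does not parse as an IP address at all.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    return "private" if ip.is_private else "public"


def review_resolvers(text: str) -> Dict[str, List[str]]:
    """Group every parsed entry by classification, labelled 'scope -> server'."""
    report: Dict[str, List[str]] = {"private": [], "public": [], "invalid": []}
    for scope, server in parse_dhcp_name_servers(text):
        label = f"{scope or '<global>'} -> {server}"
        report[classify_resolver(server)].append(label)
    return report


def distinct_servers(text: str) -> List[str]:
    """The distinct resolver addresses seen, in numeric order."""
    servers = {server for _, server in parse_dhcp_name_servers(text)}
    return sorted(servers, key=ipaddress.ip_address)


if __name__ == "__main__":
    result = review_resolvers(DDS_LINES)
    print("distinct resolvers:", distinct_servers(DDS_LINES))
    for category in ("public", "invalid", "private"):
        for entry in result[category]:
            print(f"[{category:7}] {entry}")
    if result["public"] or result["invalid"]:
        print("review the entries above")
    else:
        print("all DHCP resolvers are private addresses (expected for a home router)")
```

Two distinct private resolvers (192.168.2.1 and 192.168.178.1) as in the post are consistent with the machine having been on two different home networks; the script only flags entries that fall outside private address space.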


Alt 02.05.2012, 12:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed in the Logs tab. Please post all that are visible there.
__________________

Alt 02.05.2012, 13:21   #7
Krystalic
 

That was the first full scan; otherwise I have only ever used Malwarebytes for individual files.

Alt 02.05.2012, 14:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I have two questions before we go on

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post logfiles in CODE tags

Alt 02.05.2012, 14:11   #9
Krystalic
 

That's the strange thing: I'm sure something is wrong with my computer, but everything is present in the Start menu and everything works fine too..

Alt 02.05.2012, 14:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] here goes the log [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 here goes the log
         
CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the box at the top centre for Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post logfiles in CODE tags

Alt 02.05.2012, 16:13   #11
Krystalic
 

Code:
ATTFilter
OTL logfile created on: 02.05.2012 15:58:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\****\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,89% Memory free
7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 393,25 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
 
Computer Name:****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.02 15:56:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 19:19:47 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be286ce65226e3b86d3a90bc516a5adc\WindowsFormsIntegration.ni.dll
MOD - [2012.04.12 09:52:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll
MOD - [2012.04.12 09:52:41 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll
MOD - [2012.04.12 09:52:17 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012.04.12 09:52:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012.04.12 09:52:08 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll
MOD - [2012.02.15 18:02:28 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
MOD - [2012.02.15 17:17:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012.02.15 17:17:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012.02.15 17:16:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012.02.15 17:16:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012.02.15 17:16:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012.02.15 17:16:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011.12.05 23:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.12.05 23:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.13 19:10:12 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2011.10.13 19:08:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2012.03.24 18:03:20 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.01.16 14:58:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.11.23 15:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.08.06 15:37:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.06 15:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.06.24 07:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.11.11 21:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.09.16 19:33:40 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010.08.10 15:49:36 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.04.30 13:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01  [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.25 16:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 20:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.06.01 20:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.05.01 00:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions
[2012.03.04 19:17:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.22 22:51:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.01 00:54:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.01 17:52:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.07.22 18:40:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com
[2012.01.16 01:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.25 16:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.20 20:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.21 21:52:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 21:52:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.21 21:52:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.21 21:52:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 21:52:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 21:52:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk - C:\Programme\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 18:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.01 00:54:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\QuickScan
[2012.04.30 12:09:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.com
[2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta
[2012.04.20 17:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.05 22:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.04.05 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\BioWare
[2012.04.05 21:17:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed
[2012.04.05 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2012.04.05 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NFS Most Wanted
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 12:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.02 12:40:59 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.01 17:39:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.30 13:12:37 | 000,012,204 | ---- | M] () -- C:\Users\****\Desktop\Desktop.zip
[2012.04.30 12:13:16 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7pnp6d1.exe
[2012.04.30 12:09:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.com
[2012.04.30 12:08:17 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.04.30 12:07:44 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.04.29 22:06:18 | 311,525,463 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.20 21:25:32 | 000,278,561 | ---- | M] () -- C:\Users\****\Desktop\Minecraft.exe
[2012.04.20 17:27:56 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.11 22:21:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.11 22:21:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.11 22:21:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.11 22:21:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.07 19:28:34 | 000,001,674 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.05 22:51:58 | 000,001,514 | ---- | M] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 15:58:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.04.03 14:48:43 | 000,000,854 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.30 13:12:37 | 000,012,204 | ---- | C] () -- C:\Users\****\Desktop\Desktop.zip
[2012.04.30 12:13:08 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7pnp6d1.exe
[2012.04.30 12:08:17 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.04.30 12:07:43 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.04.20 21:25:26 | 000,278,561 | ---- | C] () -- C:\Users\****\Desktop\Minecraft.exe
[2012.04.20 17:27:27 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.05 22:51:58 | 000,001,514 | ---- | C] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk
[2012.04.03 14:48:43 | 000,000,854 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012.02.28 17:55:01 | 000,007,680 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.30 20:00:38 | 000,001,674 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.06 15:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.08.06 15:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.22 19:27:38 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.07.22 19:27:37 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys
[2011.07.22 19:27:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.07.22 19:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.07.11 12:15:29 | 000,051,222 | ---- | C] () -- C:\Users\****\AppData\Roaming\room_v3.dat
[2011.06.18 22:30:03 | 1782,587,392 | -H-- | C] () -- C:\Program Files\DATA1.CAB.gpotato
[2011.06.18 18:10:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.01 20:53:08 | 000,704,512 | ---- | C] () -- C:\Windows\System32\cohelper.dll
[2011.06.01 20:53:08 | 000,005,940 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.06.01 19:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.30 19:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\System32\spk.dll
[2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.08.10 15:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
 
========== LOP Check ==========
 
[2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line
[2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope
[2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut
[2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker
[2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX
[2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2012.04.05 22:17:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.06.23 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.12.30 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.06.01 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2011.06.01 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line
[2011.09.18 22:59:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2011.09.11 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information
[2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope
[2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2011.06.01 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.09.09 04:22:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2011.09.18 23:00:45 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2011.06.01 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut
[2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2011.08.19 02:27:40 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM
[2012.05.01 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker
[2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX
[2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.06.18 01:09:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2011.06.02 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.11 18:43:45 | 000,331,776 | ---- | M] (Rockstar Games         ) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe
[2011.06.01 21:05:18 | 000,038,208 | ---- | M] () -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.18 05:18:54 | 005,185,536 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
[2011.09.18 05:18:54 | 000,028,672 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
[2011.06.20 18:37:08 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\cmd.exe
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.06 05:12:52 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
========== Files - Unicode (All) ==========
[2011.06.28 19:05:29 | 000,000,988 | ---- | M] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa
[2011.06.28 18:55:33 | 000,000,988 | ---- | C] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa

< End of report >
         

Alt 03.05.2012, 18:33   #12
Krystalic
 
Here you go

Code:
ComboFix 12-05-03.01 - Nico 03.05.2012  19:22:50.1.6 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3583.2587 [GMT 2:00]
ausgeführt von:: c:\users\Nico\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cmd.exe
C:\Install.exe
c:\users\Nico\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-03 bis 2012-05-03  ))))))))))))))))))))))))))))))
.
.
2069-11-22 14:48 . 2005-11-30 15:06	7254894	----a-w-	c:\program files\Mozilla Firefox\speed.exe
2069-11-22 14:48 . 2005-11-15 08:56	380928	----a-r-	c:\program files\Mozilla Firefox\server.dll
2012-05-02 20:55 . 2012-05-02 20:55	--------	d-----w-	C:\_OTL
2012-05-01 22:16 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{27B27FBB-AF61-488F-A999-ED4895E4F89C}\mpengine.dll
2012-05-01 16:56 . 2012-05-01 16:56	--------	d-----w-	c:\program files\ESET
2012-04-30 22:54 . 2012-04-30 22:54	--------	d-----w-	c:\users\Nico\AppData\Roaming\QuickScan
2012-04-21 19:12 . 2009-07-14 01:14	301568	----a-w-	c:\windows\system32\Utilman.exe
2012-04-20 15:27 . 2012-04-20 15:32	--------	d-----w-	c:\program files\Diablo III Beta
2012-04-20 15:25 . 2012-04-20 15:26	--------	d-----w-	c:\programdata\Battle.net
2012-04-11 20:23 . 2012-02-28 01:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-11 20:19 . 2012-03-01 05:53	19312	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:19 . 2012-03-01 05:40	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 20:19 . 2012-03-01 05:49	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 20:19 . 2012-03-01 05:45	158720	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 20:18 . 2012-03-06 05:59	3958128	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 20:18 . 2012-03-06 05:59	3902320	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-05 20:46 . 2012-04-05 20:46	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-04-05 19:17 . 2012-04-05 19:17	--------	d-----w-	c:\windows\system32\Unleashed
2012-04-05 19:17 . 2012-04-05 19:18	--------	d-----w-	c:\program files\Mass Effect 2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2011-09-09 02:22	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-24 22:43 . 2012-03-24 22:43	314880	----a-w-	c:\windows\system32\fmodex.dll
2012-03-16 13:49 . 2012-03-16 13:49	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 13:49 . 2012-03-16 13:49	161792	----a-w-	c:\windows\system32\msls31.dll
2012-03-16 13:49 . 2012-03-16 13:49	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-16 13:49 . 2012-03-16 13:49	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 13:49 . 2012-03-16 13:49	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-03-16 13:49 . 2012-03-16 13:49	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-03-16 13:49 . 2012-03-16 13:49	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-16 13:49 . 2012-03-16 13:49	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-16 13:49 . 2012-03-16 13:49	367104	----a-w-	c:\windows\system32\html.iec
2012-03-16 13:49 . 2012-03-16 13:49	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-03-16 13:49 . 2012-03-16 13:49	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-16 13:49 . 2012-03-16 13:49	152064	----a-w-	c:\windows\system32\wextract.exe
2012-03-16 13:49 . 2012-03-16 13:49	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-03-16 13:49 . 2012-03-16 13:49	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-16 13:49 . 2012-03-16 13:49	11776	----a-w-	c:\windows\system32\mshta.exe
2012-03-16 13:49 . 2012-03-16 13:49	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-16 13:49 . 2012-03-16 13:49	101888	----a-w-	c:\windows\system32\admparse.dll
2012-03-06 23:15 . 2011-11-18 18:09	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-18 18:09	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-11-18 18:10	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-11-18 18:10	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-25 14:33	44376	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-18 18:10	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-18 18:10	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-18 18:10	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-06-04 13:13	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 05:44 . 2012-03-14 12:52	826368	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 12:52	177152	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 12:52	24064	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 12:52	1074176	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 12:52	218624	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 12:52	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 12:52	1170944	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 12:52	739840	----a-w-	c:\windows\system32\d2d1.dll
2012-03-20 18:18 . 2011-06-01 17:59	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38	1987976	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-05-26 09:29	800768	------w-	c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-11-23 13:17	442640	----a-w-	c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 95304]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 583680]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-16 218688]
S1 ntiomin;ntiomin; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-09-16 1559552]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31602299
*Deregistered* - 31602299
.
.
------- Supplementary Scan -------
.
uStart Page = 
IE: Free YouTube to MP3 Converter - c:\users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\wxoysspe.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-FL Studio 9 - c:\program files\Image-Line\FL Studio 9\uninstall.exe
AddRemove-Mass Effect 2 German_is1 - c:\program files\Night\Mass Effect 2\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,37,cf,3f,42,bc,c8,55,7f,31,b9,25,a0,e3,60,b7,fb,e6,ae,d8,4c,
   49,7c,6b,16,09,bd,93,52,8d,fc,f1,e1,86,eb,7e,b6,dd,5d,9f,ca,ce,2b,04,46,62,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03  19:30:36
ComboFix-quarantined-files.txt  2012-05-03 17:30
.
Pre-Run: 15 directories, 426.157.719.552 bytes free
Post-Run: 19 directories, 426.061.692.928 bytes free
.
- - End Of File - - 982D06452941DDB69DF84CF83E956378
         

08.05.2012, 19:39   #13
Krystalic

In the past, definitely, but since I changed the password (so for 4 days now) only on my PC .. well, and on my phone. Can Androids even be infected yet?

02.05.2012, 18:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01  [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open once you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!
__________________
Please always post log files in CODE tags
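As an added example (not part of this thread and not OTL's or the forum's own code), the following Python script parses OTL scan lines in the formats shown in the fix above and flags the same classes of indicator the fix removes: IE search and start-page values pointing at an untrusted host, a Firefox proxy or hijacked homepage/search engine in prefs.js, Run entries whose target file no longer exists, CD-ROM AutoRun enabled, and per-device MountPoints2 AutoRun handlers. The sample lines are constructed from the values quoted in the fix; the trusted-host and trusted-engine allowlists are assumptions for illustration.

```python
"""Flag browser-hijack, proxy and autorun indicators in OTL scan lines.

Added example, not OTL's own code. Parses the IE / FF / O4 / O32 / O33 line
formats visible in the fix script above. The allowlists are assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: hosts and search-engine names accepted as benign defaults.
TRUSTED_HOSTS = {"www.bing.com", "www.google.com", "www.google.de", "de.msn.com"}
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo"}
# Firefox prefs that route traffic through an attacker-chosen host when set.
PROXY_PREFS = {"network.proxy.http", "network.proxy.ssl",
               "network.proxy.socks", "network.proxy.autoconfig_url"}

IE_RE = re.compile(r'^IE - (?P<key>[^=]+?) = (?P<value>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.*)$')
O4_RE = re.compile(r'^O4 - .*\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$')
O32_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<value>.*)$')

# Constructed sample, built from the values quoted in the fix script above.
SAMPLE_OTL_LINES = r"""IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
"""


def host_of(value):
    """Hostname of a URL-valued entry (OTL may defang http as hxxp), else ''."""
    url = value.strip().strip('"').replace("hxxp://", "http://")
    if not url.startswith(("http://", "https://")):
        return ""
    return urlparse(url).hostname or ""


def triage(lines):
    """Return a list of (category, subject, value) for suspicious OTL lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := IE_RE.match(line):
            host = host_of(m["value"])
            if host and host not in TRUSTED_HOSTS:
                findings.append(("ie_hijack", m["key"], host))
        elif m := FF_RE.match(line):
            pref, value = m["pref"], m["value"].strip().strip('"')
            if pref in PROXY_PREFS and value:
                findings.append(("ff_proxy", pref, value))
            elif pref == "browser.startup.homepage":
                host = host_of(value)
                if host and host not in TRUSTED_HOSTS:
                    findings.append(("ff_homepage", pref, host))
            elif pref in ("browser.search.defaultenginename",
                          "browser.search.selectedEngine"):
                if value not in TRUSTED_ENGINES:
                    findings.append(("ff_search_engine", pref, value))
        elif m := O4_RE.match(line):
            rest = m["rest"]
            if rest.endswith("File not found"):
                # Autostart value whose target is gone: stale, or a dropper already removed.
                path = rest[: -len("File not found")].strip()
                findings.append(("orphaned_run", m["name"], path))
        elif m := O32_RE.match(line):
            if m["value"] != "0":
                findings.append(("cdrom_autorun", "HKLM CDRom", m["value"]))
        elif m := O33_RE.match(line):
            # Per-volume AutoRun handler: runs the named file when that device is mounted.
            findings.append(("device_autorun", m["guid"], m["value"].strip()))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _, _ in findings)


if __name__ == "__main__":
    for category, subject, value in triage(SAMPLE_OTL_LINES.splitlines()):
        print(f"{category:17} {subject} -> {value}")
```

To run it against a real scan, pass `open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines()` to `triage()`. One caveat: Firefox only honours `network.proxy.http` when `network.proxy.type` is 1 (manual proxy), and the ComboFix log earlier in this thread shows `network.proxy.type - 0`; an unexplained proxy host in prefs.js is still worth flagging and removing, which is what the fix above does.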

02.05.2012, 22:00   #15
Krystalic

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage
Prefs.js: "70.89.2.57" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIAAUD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
File E:\StartSetup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ****
->Temp folder emptied: 2946953418 bytes
->Temporary Internet Files folder emptied: 41529381 bytes
->Java cache emptied: 555384 bytes
->FireFox cache emptied: 677822679 bytes
->Flash cache emptied: 64782 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132512897 bytes
RecycleBin emptied: 8874440 bytes
 
Total Files Cleaned = 3.632,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ****
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_225552

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
