| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner 2.07 eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.07.2012, 17:33
| #1 |
| |  GVU-Trojaner 2.07 eingefangen So ich hab mir den GVU Trojaner 2.07 eingefangen. Hab nen Scan mit MWB und OTL gemacht. Bitte um Hilfe. MWB Log Code:
ATTFilter alwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.10 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Meddy :: M3DD0 [Administrator] 19.07.2012 17:20:53 mbam-log-2012-07-19 (17-20-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 413463 Laufzeit: 39 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Invictus (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Meddy\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Meddy\Downloads\SoftonicDownloader_fuer_damn-nfo-viewer.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Meddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL Log Code:
ATTFilter Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 77,12% Memory free 7,97 Gb Paging File | 7,16 Gb Available in Paging File | 89,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 13,93 Gb Free Space | 14,28% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 61,68 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Computer Name: M3DD0 | User Name: Meddy | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.19 18:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Meddy\Desktop\OTL.exe PRC - [2012.07.07 12:31:02 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.07.07 12:31:02 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ========== Modules (No Company Name) ========== MOD - [2012.07.15 20:42:08 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.15 20:42:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.06.29 14:21:12 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.10 14:49:57 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Stopped] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.10.05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.10.05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.28 18:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.10.13 17:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.07.29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.07.29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.23 04:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2009.11.06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.02.07 14:21:12 | 000,250,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV - [2012.07.19 18:07:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2012.07.19 18:06:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.01.14 12:36:09 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 76 E2 37 0B 65 CD 01 [binary data] IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2876635760-891664138-599219566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Meddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 09:48:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 11:19:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 08:49:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.27 09:41:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.14 14:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meddy\AppData\Roaming\mozilla\Extensions [2012.06.27 09:41:19 | 000,564,732 | ---- | M] () (No name found) -- C:\USERS\MEDDY\APPDATA\ROAMING\THUNDERBIRD\PROFILES\B3AWSQQ4.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: YouTube = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: AVG Safe Search = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: AVG Safe Search = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\ CHR - Extension: AVG Do Not Track = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: YouTube = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: AVG Safe Search = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: AVG Safe Search = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\ CHR - Extension: AVG Do Not Track = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Meddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.30 21:10:31 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 eu.actual.battle.net O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\kmpmediatoolbarX.dll () O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\kmpmediatoolbarX.dll () O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-2876635760-891664138-599219566-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2876635760-891664138-599219566-1000..\Run: [Steam] D:\Games\Steam\steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.) O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Meddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2876635760-891664138-599219566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2876635760-891664138-599219566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Meddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A97AD84-5563-4FBD-9280-E7993B19F95E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33B0FFCA-B588-4F19-B06E-596C9CB9EC56}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{88fef74b-3e42-11e1-8379-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{88fef74b-3e42-11e1-8379-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.19 18:16:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Meddy\Desktop\OTL.exe [2012.07.19 18:11:46 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.07.19 18:08:11 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.19 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Malwarebytes [2012.07.19 17:19:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.19 17:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.19 17:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.19 17:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.19 17:19:39 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Meddy\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.19 12:17:42 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.17 11:29:43 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Unity [2012.07.17 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Local\Unity [2012.07.17 09:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.07.10 21:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.07.09 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Local\Falk Navi-Manager [2012.07.09 19:15:13 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile [2012.07.09 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\Meddy\Documents\FalkData [2012.07.09 19:13:49 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL [2012.07.09 19:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Falk [2012.07.09 19:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Falk [2012.07.03 11:25:30 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Help [2012.07.03 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\TeamViewer [2012.07.03 11:21:03 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Media Player Classic [2012.07.03 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit [2012.07.01 19:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit [2012.07.01 19:13:46 | 000,000,000 | ---D | C] -- C:\Users\Meddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II [2012.07.01 18:57:45 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2012.06.30 20:58:59 | 000,000,000 | ---D | C] -- C:\Users\Meddy\Documents\Diablo III [2012.06.30 20:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.06.30 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.06.30 15:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II [2012.06.29 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Meddy\Desktop\DVD'S [2012.06.28 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rogero [2012.06.28 11:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rogero [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.19 18:18:36 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.19 18:18:36 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.19 18:18:36 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.19 18:18:36 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.19 18:18:36 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.19 18:16:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Meddy\Desktop\OTL.exe [2012.07.19 18:13:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.19 18:13:40 | 3208,040,448 | -HS- | M] () -- C:\hiberfil.sys [2012.07.19 18:12:41 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.07.19 18:07:05 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2012.07.19 18:07:05 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref [2012.07.19 18:06:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.19 17:20:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.19 17:19:39 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meddy\Desktop\malwarebytes_antimalware_1.61.exe [2012.07.19 17:13:59 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.07.19 16:52:52 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad [2012.07.19 16:45:33 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.19 10:28:10 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 10:28:10 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 09:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.19 09:39:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.19 09:34:51 | 101,695,466 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.07.18 19:31:59 | 000,027,520 | ---- | M] () -- C:\Users\Meddy\AppData\Local\dt.dat [2012.07.17 11:19:23 | 000,000,516 | ---- | M] () -- C:\Users\Meddy\Desktop\Resume Download of Champions Online.url [2012.07.17 09:48:05 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.07.16 18:49:11 | 000,296,163 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.07.09 19:24:00 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk [2012.07.09 19:17:43 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Falk Navi-Manager.lnk [2012.07.09 19:15:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2012.07.07 16:58:18 | 000,018,551 | ---- | M] () -- C:\Users\Meddy\Desktop\OpenDocument Text (neu).odt [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.03 01:18:36 | 000,000,826 | ---- | M] () -- C:\Users\Meddy\Desktop\PlugY, The Survival Kit.lnk [2012.07.02 03:01:05 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.01 19:16:54 | 000,030,931 | ---- | M] () -- C:\Windows\DIIUnin.dat [2012.07.01 19:15:09 | 000,001,025 | ---- | M] () -- C:\Users\Meddy\Desktop\Diablo II.exe.lnk [2012.07.01 18:57:45 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2012.07.01 18:57:45 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif [2012.06.30 16:05:20 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.06.30 16:05:20 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll [2012.06.30 16:05:20 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll [2012.06.28 11:21:06 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\360 Multi Builder_WinXP.lnk [2012.06.28 11:21:06 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\360 Multi Builder.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 18:12:41 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.07.19 17:19:54 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 19:31:59 | 000,027,520 | ---- | C] () -- C:\Users\Meddy\AppData\Local\dt.dat [2012.07.18 19:31:48 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad [2012.07.17 11:19:23 | 000,000,516 | ---- | C] () -- C:\Users\Meddy\Desktop\Resume Download of Champions Online.url [2012.07.09 19:24:00 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager classic.msi [2012.07.09 19:24:00 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk [2012.07.09 19:15:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2012.07.09 19:15:20 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk [2012.07.09 19:14:02 | 000,001,340 | ---- | C] () -- C:\Windows\SysWow64\KMLImportPlugin.tlb [2012.07.09 19:13:49 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2012.07.09 19:13:49 | 000,003,600 | ---- | C] () -- C:\Windows\SysWow64\FNMPlugin.tlb [2012.07.09 19:13:48 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Falk Navi-Manager.lnk [2012.07.07 16:57:08 | 000,018,551 | ---- | C] () -- C:\Users\Meddy\Desktop\OpenDocument Text (neu).odt [2012.07.03 01:18:36 | 000,000,826 | ---- | C] () -- C:\Users\Meddy\Desktop\PlugY, The Survival Kit.lnk [2012.07.01 19:15:12 | 000,001,025 | ---- | C] () -- C:\Users\Meddy\Desktop\Diablo II.exe.lnk [2012.07.01 18:57:47 | 000,030,931 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012.07.01 18:57:45 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif [2012.06.30 21:52:31 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.30 16:05:20 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.06.30 16:05:20 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.06.30 16:05:20 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.06.28 11:21:06 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\360 Multi Builder_WinXP.lnk [2012.06.28 11:21:06 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\360 Multi Builder.lnk [2012.05.19 12:41:15 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL [2012.05.17 15:30:19 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.05.10 14:59:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.03.14 11:47:33 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini [2012.02.18 00:25:10 | 000,000,474 | RHS- | C] () -- C:\Users\Meddy\ntuser.pol [2012.02.12 15:05:10 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.02.12 15:05:10 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.02.12 15:05:10 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.02.12 15:05:10 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.02.12 15:05:10 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.02.12 15:05:10 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.02.12 15:05:10 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.02.12 15:05:10 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.02.12 15:05:10 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.02.12 15:05:10 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.02.12 15:05:10 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.02.12 15:05:10 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.02.12 15:05:10 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.02.12 15:05:10 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.02.12 15:05:10 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.02.12 15:05:10 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.02.12 15:05:10 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.02.12 15:05:10 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.02.12 15:05:10 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.01.14 02:21:40 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.01.14 02:14:35 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012.01.14 02:09:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.02.11 20:28:28 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\Ashampoo [2012.01.14 03:01:26 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\AVG2012 [2012.05.02 21:38:18 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\DVDVideoSoft [2012.05.02 21:38:07 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.14 11:43:11 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\foobar2000 [2012.05.18 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\GHISLER [2012.02.12 01:35:51 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\ImgBurn [2012.01.14 14:17:09 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\LolClient [2012.05.24 12:32:00 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\LolClient2 [2012.02.12 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\OpenOffice.org [2012.01.14 02:33:59 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\Opera [2012.02.14 10:47:29 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\PgcEdit [2012.07.03 11:21:03 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\TeamViewer [2012.06.19 14:43:36 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\TeraCopy [2012.01.14 14:21:54 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\Thunderbird [2012.07.17 11:29:43 | 000,000,000 | ---D | M] -- C:\Users\Meddy\AppData\Roaming\Unity [2009.07.14 07:08:49 | 000,018,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < :OTL > < IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > < IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} > < IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local > < FF - prefs.js..browser.search.defaultenginename: "foxsearch" > < FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" > < FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" > < FF - prefs.js..browser.search.order.1: "foxsearch" > < FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506" > < FF - prefs.js..browser.search.selectedEngine: "foxsearch" > < FF - prefs.js..browser.search.suggest.enabled: false > < FF - prefs.js..browser.search.useDBForOrder: true > < FF - prefs.js..browser.startup.homepage: "about:home" > < FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 > < FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0 > < FF - prefs.js..extensions.enabledItems: activities@kaply.com:0.7.7 > < FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6 > < FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2 > < FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 > < FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 > < FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7 > < FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1 > < FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3 > < FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 > < FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026 > < FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8 > < FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 > < FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4 > < FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 > < FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 > < FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 > < FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 > < FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 > < FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0 > < FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 > < FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 > < FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 > < FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 > < FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 > < FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 > < FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 > < FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 > < FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 > < FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.6.1 > < FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.2 > < FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 > < FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4 > < FF - prefs.js..extensions.enabledItems: {35f30c76-35d4-56d9-8dbc-000a6e787ef4}:1.2.2 > < FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1 > < FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7 > < FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2 > < FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7 > < FF - prefs.js..extensions.enabledItems: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13 > < FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3 > < FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" > < FF - prefs.js..network.proxy.http: "212.233.184.189" > < FF - prefs.js..network.proxy.http_port: 3128 > < FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" > < FF - prefs.js..network.proxy.share_proxy_settings: true > < FF - prefs.js..network.proxy.type: 0 > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () > Invalid Switch: FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) < CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll > < O4 - HKCU..\Run: [KiesHelper] F:\Kies\KiesHelper.exe /s File not found > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 > < O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 > < O27:64bit: - HKLM IFEO\hirezgamesdiagandsupport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\hirezlauncherui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27:64bit: - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\hirezgamesdiagandsupport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\hirezlauncherui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) > < O32 - HKLM CDRom: AutoRun - 1 > < O33 - MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe > < > < @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8 > < > < [2012.07.16 18:02:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad > < [2012.07.16 17:23:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad > < > < :Files > < > < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. < :Commands > < [purity] > < [emptytemp] > < [emptyflash] > < End of report > Geändert von M3dD0 (19.07.2012 um 18:06 Uhr) |
| Themen zu GVU-Trojaner 2.07 eingefangen |
| administrator, adobe, bho, browser, cftmon.lnk, ctfmon.lnk, desktop, eraser, firefox, flash player, go_0molg.pad, gvu trojaner, gvu trojaner 2.07, gvu trojaner entfernen, gvu trojaner mit webcam, heuristiks/extra, heuristiks/shuriken, homepage, langs, nvidia, pandora.tv, plug-in, realtek, reveton.c, searchscopes, server, sweetim, sweetpacks, trojaner, webcam gvu trojaner, webcamfenster, wrapper |
Baum-Darstellung