| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.07.2012, 01:46
| #1 |
 |  LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo liebe Trojaner-Boardler, ich habe seit einigen Stunden ein merkwürdiges Verhalten auf meinem Computer. Begonnen hat alles mit dem Update des Flash Players auf die neueste Version - zumindest gehe ich davon aus, dass es damit losging, da ich in den Tagen und Stunden davor sonst nichts heruntergeladen habe. Anfangs kam unbekannte Musik durch die Boxen. Als ich den TaskManager gestartet habe, um zu schauen, was das verursacht, hat es aufgehört. Ich wollte hierauf Chrome starten, um nach diesem Vorfall zu googlen. Chrome ist allerdings mitsamt aller Erweiterungen abgestürzt. Nun habe ich mithilfe von Firefox ein wenig recherchiert, auch in einem Threads in diesem Forum, die ich über Google erreicht habe und habe mal MBAM laufen lassen. Gefunden wurde die LicenseValidator.exe.. Löschen lassen, Neustart musste ich hinauszögern, da ich noch etwas wichtiges hochgeladen habe. Währenddessen noch einige Male MBAM durchlaufen lassen, unterschiedliche Ergebnisse in immer wechselnden Ordnern. Unter anderem kam die UpdateChecker.exe hinzu. Seit knapp einer Stunde ist zumindest mit den beiden Dateien Ruhe. Zudem ist mir aufgefallen, dass immer zwei unsichtbare iexplore.exe-Instanzen gestartet werden. Ich gehe davon aus, dass die Musik von denen kam. Das war aber insgesamt nur zweimal der Fall und seitdem nicht mehr. Nur die beiden iexplore.exe sind noch eine Weile immer von alleine gestartet. Seit etwa 30 Minuten Ruhe. Auch Chrome startet wieder wie gewohnt. Nach dem Upload habe ich den PC endlich neugestartet und seitdem meldet Avira Antivir etwa alle 2 Minuten, dass er "TR/ATRAPS.Gen" und "TR/ATRAPS.Gen2" in C:\Windows\Installer gefunden hat. Quarantäne/Löschen scheinen keinen Erfolg zu bringen. Scheinbar handelt es sich hierbei um ein Rootkit.. Nun, da in allen Threads angegeben worden ist, dass man nicht eigenständig rumprobieren soll, da dadurch womöglich die Säuberung erschwert wird, habe ich mich nun entschlossen, ohne eigenmächtiges Handeln hier um Hilfe zu bitten. Sobald ich weiß, welche Logs ich posten soll, werde ich das sofort nachholen. Grüße, Sinan [edit] Achja, nach dem Neustart war eingestellt, dass Erweiterungen bei bekannten Dateitypen ausgeblendet werden. Normal habe ich immer alle Dateiendungen an! Hier schon mal die Logs von OTL. OTL.txt Code:
ATTFilter OTL logfile created on: 31.07.2012 02:29:59 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,33% Memory free 15,97 Gb Paging File | 13,91 Gb Available in Paging File | 87,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 31,82 Gb Free Space | 26,70% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 278,63 Gb Free Space | 93,47% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 1566,38 Gb Free Space | 84,08% Space Free | Partition Type: NTFS Drive F: | 680,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia) PRC - C:\Windows\SysWOW64\HsMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._core_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._controls_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\windows._cacheinvalidation.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._windows_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._gdi_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._misc_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_ssl.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\unicodedata.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pysqlite2._sqlite.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pythoncom26.dll () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_hashlib.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32com.shell.shell.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pyexpat.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._wizard.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32file.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\pywintypes26.dll () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32api.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_elementtree.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_ctypes.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\wx._html2.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\_socket.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32inet.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32process.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32pdh.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32event.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\win32crypt.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI15442\select.pyd () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c764ad83cd3287fc59a3dc02e08ad1ea\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL () MOD - C:\Programme\ASUS Xonar DS Audio\Customapp\VmixP8.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\SysWOW64\HsMgr.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 00 F5 10 6B FC CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Tools\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] [2012.03.06 14:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Extensions [2012.05.02 12:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Firefox\Profiles\pdp3sgpr.default\extensions [2012.05.04 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.04 10:15:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.18 12:48:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.04.27 10:00:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.27 10:00:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.27 10:00:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.27 10:00:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.27 10:00:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.27 10:00:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ig CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.de/ig CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VLC\npvlc.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Brushed = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\ CHR - Extension: YouTube = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Tampermonkey = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.5.29_0\ CHR - Extension: Usability Boost for Google Plus\u2122 = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0\ CHR - Extension: FB Photo Zoom = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\ CHR - Extension: Vanilla Cookie Manager = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.2.0_0\ CHR - Extension: AdBlock = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Downloads = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Beautify G+ = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkpajolelcpmhkbcnmoaafpmfkepohl\0.1.1_0\ CHR - Extension: +1 Button - Plus One Button = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0\ CHR - Extension: Google Mail-Checker = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\ CHR - Extension: Google Mail = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.03.08 23:21:51 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: <-- habe das mal zensiert, enthält nur einen Eintrag, der seit Ewigkeiten drin ist und daher nicht von Belang --> O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe () O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe () O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software) O4 - HKCU..\Run: [Facebook Update] C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FF9B21-0184-40E3-A709-7E97749BB03D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.12.06 18:02:42 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1430c240-68b3-11e1-99ad-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1430c240-68b3-11e1-99ad-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TOPSTART.EXE -- [1998.07.06 15:47:10 | 000,214,528 | R--- | M] (TopWare) O33 - MountPoints2\{7fa84bd2-9112-11e1-ac52-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7fa84bd2-9112-11e1-ac52-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TOPSTART.EXE -- [1998.07.06 15:47:10 | 000,214,528 | R--- | M] (TopWare) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.31 01:29:52 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Google Inc [2012.07.31 01:00:26 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Malwarebytes [2012.07.31 01:00:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.31 01:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.31 00:06:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.07.31 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Help [2012.07.30 23:57:17 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\TeamViewer [2012.07.27 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.26 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.07.26 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.07.26 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Winamp [2012.07.26 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Desktop\minecraft [2012.07.20 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.19 19:05:11 | 000,000,000 | --SD | C] -- C:\Users\Sinan\Google Drive [2012.07.19 19:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.07.17 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.17 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.07.11 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.07.11 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Documents\My Curse [2012.07.09 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.07.05 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.05 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.07.05 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.07.05 20:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.05 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.05 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Sinan\SimpleJavaYoutubeUploader ========== Files - Modified Within 30 Days ========== [2012.07.31 02:27:24 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 02:27:24 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 02:26:18 | 001,612,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 02:26:18 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 02:26:18 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 02:26:18 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 02:26:18 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.31 02:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 02:20:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 02:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 02:13:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 01:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 01:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 01:00:20 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 23:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.30 16:08:55 | 000,381,928 | ---- | M] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 18:55:00 | 000,000,724 | ---- | M] () -- C:\Users\Sinan\Desktop\World of Warcraft.lnk [2012.07.29 17:26:48 | 000,001,126 | ---- | M] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:07:35 | 000,096,199 | ---- | M] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.27 11:24:32 | 000,001,336 | ---- | M] () -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.07.26 16:48:07 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | M] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.18 16:43:48 | 000,001,355 | ---- | M] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.07.17 18:21:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.17 18:19:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.17 16:28:37 | 000,001,345 | ---- | M] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.15 02:02:56 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.13 18:15:32 | 000,000,697 | ---- | M] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | M] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.11 15:54:23 | 004,832,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.31 01:00:20 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.31 00:02:19 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U\00000001.@ [2012.07.30 15:50:20 | 000,381,928 | ---- | C] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 17:26:23 | 000,001,126 | ---- | C] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:05:29 | 000,096,199 | ---- | C] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.26 16:48:07 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | C] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.17 18:19:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.17 16:28:37 | 000,001,345 | ---- | C] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.13 18:15:32 | 000,000,697 | ---- | C] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | C] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.05 13:01:39 | 000,001,355 | ---- | C] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.18 11:18:37 | 000,007,624 | ---- | C] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.04.10 23:44:28 | 000,245,592 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.04.10 23:44:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.03.08 14:33:22 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2012.03.08 14:33:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.03.08 14:33:22 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat [2012.03.07 15:42:40 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ [2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- C:\Users\Sinan\AppData\Local\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ [2012.03.05 22:26:55 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.05 22:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.05 19:21:55 | 000,000,079 | ---- | C] () -- C:\Users\Sinan\AppData\Local\CrystalDiskMark30.ini [2012.03.05 18:57:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.05 18:57:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.05 18:57:47 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.05 18:57:47 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.05 18:57:45 | 000,000,892 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.05 18:57:43 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.05 18:57:43 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.03.05 17:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.22 01:23:54 | 000,007,250 | ---- | C] () -- C:\Windows\SysWow64\dfscacm.dll [2011.03.22 01:23:52 | 000,006,223 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll ========== LOP Check ========== [2012.07.30 22:52:38 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.03.05 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\ASUS [2012.07.30 23:28:51 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Audacity [2012.04.23 23:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\benibela [2012.03.08 02:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\DAEMON Tools Lite [2012.07.31 02:20:16 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Dropbox [2012.07.27 02:42:05 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\FileZilla [2012.03.08 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Leadertech [2012.03.08 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\mkvtoolnix [2012.03.31 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Notepad++ [2012.03.07 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Opera [2012.03.05 19:49:31 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\Origin [2012.03.08 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\PACE Anti-Piracy [2012.07.20 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.31 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sinan\AppData\Roaming\TeamViewer [2012.07.30 23:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 02:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.30 10:50:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1061 bytes -> C:\Users\Sinan\AppData\Local\Temp:XZiEAUssdNqAq02mkh9H5N < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.07.2012 01:19:11 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 72,95% Memory free
15,97 Gb Paging File | 13,29 Gb Available in Paging File | 83,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 31,75 Gb Free Space | 26,65% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 274,10 Gb Free Space | 91,95% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1502,05 Gb Free Space | 80,62% Space Free | Partition Type: NTFS
Drive F: | 680,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3336-2788-8051-8215" = Simple Java Youtube Uploader 2.0 RC 1.3
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"AviSynth" = AviSynth 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"DAEMON Tools Lite" = DAEMON Tools Lite
"DebugMode FrameServer" = DebugMode FrameServer
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory version 2.0.117
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"HaaliMkx" = Haali Media Splitter
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"So Blonde" = So Blonde
"SpeedFan" = SpeedFan (remove only)
"TexMakerX_is1" = TexMakerX 2.1
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.07.2012 16:44:13 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d1e33 ID des fehlerhaften Prozesses: 0x1894 Startzeit der fehlerhaften Anwendung:
0x01cd69095759bc33 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
28c2d888-d507-11e1-816b-50e5493056f6
Error - 25.07.2012 07:39:16 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d1e33 ID des fehlerhaften Prozesses: 0x770 Startzeit der fehlerhaften Anwendung:
0x01cd6a522a8658ff Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
5cc657da-d64d-11e1-991b-50e5493056f6
Error - 25.07.2012 19:13:33 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d1e33 ID des fehlerhaften Prozesses: 0x8c0 Startzeit der fehlerhaften Anwendung:
0x01cd6ab0e3c4ed48 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
5a25bf92-d6ae-11e1-991b-50e5493056f6
Error - 26.07.2012 11:52:43 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d1e33 ID des fehlerhaften Prozesses: 0x528 Startzeit der fehlerhaften Anwendung:
0x01cd6b43d11c7d02 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
ef6efe73-d739-11e1-8fe6-50e5493056f6
Error - 28.07.2012 10:24:15 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x004923d1 ID des fehlerhaften Prozesses: 0x178c Startzeit der fehlerhaften Anwendung:
0x01cd6cc802beb9e3 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
e85fedbe-d8bf-11e1-8819-50e5493056f6
Error - 28.07.2012 15:09:15 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
Version: 11.3.300.265, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x001d1e33 ID des fehlerhaften Prozesses: 0x1620 Startzeit der fehlerhaften Anwendung:
0x01cd6cccb03ea9bb Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
b878743e-d8e7-11e1-8819-50e5493056f6
Error - 29.07.2012 16:44:43 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ja2.exe, Version: 1.0.0.1, Zeitstempel:
0x37de9b6b Name des fehlerhaften Moduls: DxtoryCore.dll, Version: 2.0.0.117, Zeitstempel:
0x4fd852bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003cd79 ID des fehlerhaften Prozesses:
0x198c Startzeit der fehlerhaften Anwendung: 0x01cd6dcaec88b37e Pfad der fehlerhaften
Anwendung: C:\Games\Jagged Alliance 2\ja2.exe Pfad des fehlerhaften Moduls: C:\Program
Files (x86)\Dxtory Software\Dxtory2.0\DxtoryCore.dll Berichtskennung: 390dab4e-d9be-11e1-89d3-50e5493056f6
Error - 30.07.2012 18:37:49 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 20.0.1132.57,
Zeitstempel: 0x4ffb8830 Name des fehlerhaften Moduls: chrome.dll, Version: 20.0.1132.57,
Zeitstempel: 0x4ffb87b1 Ausnahmecode: 0x80000003 Fehleroffset: 0x005477e0 ID des fehlerhaften
Prozesses: 0x20c8 Startzeit der fehlerhaften Anwendung: 0x01cd6ea3f1838022 Pfad der
fehlerhaften Anwendung: C:\Users\Sinan\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome.dll
Berichtskennung:
304fa224-da97-11e1-88ce-50e5493056f6
Error - 30.07.2012 18:48:54 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000633722b000
ID
des fehlerhaften Prozesses: 0x1a10 Startzeit der fehlerhaften Anwendung: 0x01cd6ea55c312561
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: bcfeb174-da98-11e1-88ce-50e5493056f6
Error - 30.07.2012 18:51:49 | Computer Name = Sinan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000633722b000
ID
des fehlerhaften Prozesses: 0x1df8 Startzeit der fehlerhaften Anwendung: 0x01cd6ea5ca27f236
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 24fb95e1-da99-11e1-88ce-50e5493056f6
[ System Events ]
Error - 15.05.2012 15:29:18 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 21.05.2012 07:43:09 | Computer Name = Sinan-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 08.06.2012 08:00:27 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 25.06.2012 09:45:23 | Computer Name = Sinan-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 29.06.2012 06:31:14 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?06.?2012 um 12:29:45 unerwartet heruntergefahren.
Error - 02.07.2012 12:49:24 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?07.?2012 um 18:39:30 unerwartet heruntergefahren.
Error - 03.07.2012 12:48:29 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?07.?2012 um 18:46:17 unerwartet heruntergefahren.
Error - 13.07.2012 12:17:42 | Computer Name = Sinan-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.07.2012 12:17:42 | Computer Name = Sinan-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.07.2012 18:24:51 | Computer Name = Sinan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?07.?2012 um 00:23:56 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sinan :: SINAN-PC [Administrator] 31.07.2012 01:01:20 mbam-log-2012-07-31 (01-01-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191987 Laufzeit: 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\Dropbox\{B1C8C9FC-B824-4FCF-9959-9B6D84C69847}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sinan\AppData\Roaming\Dropbox\{B1C8C9FC-B824-4FCF-9959-9B6D84C69847}\LicenseValidator.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sinan :: SINAN-PC [Administrator] 31.07.2012 01:17:50 mbam-log-2012-07-31 (01-17-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191522 Laufzeit: 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\Identities\{498E1ACA-1FDE-4458-BE3B-B8A801B0BE6B}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sinan\AppData\Roaming\Identities\{498E1ACA-1FDE-4458-BE3B-B8A801B0BE6B}\LicenseValidator.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sinan :: SINAN-PC [Administrator] 31.07.2012 01:21:10 mbam-log-2012-07-31 (01-21-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191869 Laufzeit: 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UpgradeChecker (Exploit.Drop.COD) -> Daten: C:\Users\Sinan\AppData\Roaming\TeamViewer\{FDE2AA4E-68BD-4B0B-ADBD-A06F41FF7FAD}\UpgradeChecker.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sinan\AppData\Roaming\TeamViewer\{FDE2AA4E-68BD-4B0B-ADBD-A06F41FF7FAD}\UpgradeChecker.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sinan :: SINAN-PC [Administrator] 31.07.2012 01:29:57 mbam-log-2012-07-31 (01-29-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191524 Laufzeit: 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sinan\AppData\Roaming\Google Inc\{8FB79A28-93D1-4A4D-A005-10F02EDFCDF1}\UpgradeChecker.exe (Exploit.Drop.COD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank im Voraus! Geändert von Sinan (31.07.2012 um 02:05 Uhr) |
|
31.07.2012, 06:42
| #2 |
  | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi,
__________________schauen wir mal ob OTL es schafft (in den abgesicherten Modus booten F8 beim booten, dann ausführen)... Ist tatsächlich ein Rootkit... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
Fix für OTL:
 Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.31 00:06:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.31 00:02:19 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U\00000001.@
[2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@
[2012.03.06 13:17:50 | 000,002,048 | -HS- | C] () -- C:\Users\Sinan\AppData\Local\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@
:Commands
[emptytemp]
[Reboot]
MAM im Quickscann ist ja ganz nett, untersucht aber nur ca. 20% der Festplatte, daher updaten und FULLSCAN... Und lass mich raten, die ausgebledete Webadresse in der Hosts-Datei hat was mit Adobe zu tun? chris
__________________ |
|
31.07.2012, 10:36
| #3 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo chris,
__________________vielen Dank, dass du dich meinem Problem annimmst. Hier erstmal das Ergebnis zum Scan der AVMAutoStart.exe Code:
ATTFilter SHA256: 72df22a08b5222b9b6d067e02e62c7515a7da4bf6b7dfe510c25f92dde71a2c9
SHA1: 2a361eea752b3583071e549cf34445259f71f058
MD5: 4f1be38ed53eb04a38b025a7885ee806
File size: 144.0 KB ( 147456 bytes )
File name: AVMAutoStart.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-05-20 13:02:48 UTC ( 2 Monate, 1 Woche ago )
0
0
More details
Antivirus Result Update
AhnLab-V3 - 20120519
AntiVir - 20120518
Antiy-AVL - 20120520
Avast - 20120520
AVG - 20120520
BitDefender - 20120520
ByteHero - 20120515
CAT-QuickHeal - 20120518
ClamAV - 20120520
Commtouch - 20120520
Comodo - 20120519
DrWeb - 20120520
Emsisoft - 20120520
eSafe - 20120516
eTrust-Vet - 20120517
F-Prot - 20120519
F-Secure - 20120520
Fortinet - 20120520
GData - 20120520
Ikarus - 20120520
Jiangmin - 20120520
K7AntiVirus - 20120518
Kaspersky - 20120520
McAfee - 20120520
McAfee-GW-Edition - 20120520
Microsoft - 20120520
NOD32 - 20120520
Norman - 20120520
nProtect - 20120520
Panda - 20120520
PCTools - 20120520
Rising - 20120518
Sophos - 20120520
SUPERAntiSpyware - 20120519
Symantec - 20120520
TheHacker - 20120519
TrendMicro - 20120520
TrendMicro-HouseCall - 20120519
VBA32 - 20120518
VIPRE - 20120520
ViRobot - 20120520
VirusBuster - 20120520
Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.
C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U\00000001.@ moved successfully.
File move failed. C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ scheduled to be moved on reboot.
C:\Users\Sinan\AppData\Local\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sinan
->Temp folder emptied: 1807017360 bytes
->Temporary Internet Files folder emptied: 91899967 bytes
->Java cache emptied: 4013759 bytes
->FireFox cache emptied: 65624467 bytes
->Google Chrome cache emptied: 7147888 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 80043 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205863083 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 99744823 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.176,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_111252
Files\Folders moved on Reboot...
C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysNative\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysNative\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysNative\%APPDATA% folder moved successfully.
File move failed. C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ scheduled to be moved on reboot.
C:\Users\Sinan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1GP93VK\97444194[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFLW1V3L\csp[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFLW1V3L\search_uk_excite_eu[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[3].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[4].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\c964caada0868331[1].htm moved successfully.
PendingFileRenameOperations files...
File C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache not found!
File C:\Windows\SysNative\%APPDATA%\Microsoft\Windows not found!
File C:\Windows\SysNative\%APPDATA%\Microsoft not found!
File C:\Windows\SysNative\%APPDATA% not found!
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () C:\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@ : Unable to obtain MD5
File C:\Users\Sinan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1GP93VK\97444194[1].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFLW1V3L\csp[1].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFLW1V3L\search_uk_excite_eu[1].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[2].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[3].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\afr[4].htm not found!
File C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\805QYFC5\c964caada0868331[1].htm not found!
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.31.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sinan :: SINAN-PC [Administrator] 31.07.2012 11:17:57 mbam-log-2012-07-31 (11-17-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 355526 Laufzeit: 17 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke erstmal für die obige Anleitung, ich hoffe, die Logs bringen ein wenig Licht ins Dunkel. Grüße, Sinan |
|
31.07.2012, 11:28
| #4 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, da nicht sicher ist ob OTL beim Reboot das Rootkit löschen konnte (sonst hätte es MAM in der Quarantäne von OTL finden müssen): Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
31.07.2012, 11:48
| #5 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo chris, vielen Dank für deine Antwort. Ich habe ComboFix ausgeführt, der Rechner hat neugestartet. Nach Erstellung des Logs wollte ich Firefox starte, um das Log zu posten. Konnte allerdings kein Programm starten wegen irgendwelcher Registrierungseinstellungen. Nach einem erneuten Reboot laufen nun wieder alle Programme. Der Inhalt von dem Logfile sieht wie folgt aus: Code:
ATTFilter ComboFix 12-07-30.03 - Sinan 31.07.2012 12:38:57.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.5888 [GMT 2:00]
ausgeführt von:: c:\users\Sinan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sinan\AppData\Local\Temp\_MEI24602\_ctypes.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\_elementtree.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\_hashlib.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\_socket.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\_ssl.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\pyexpat.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\pysqlite2._sqlite.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\python26.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\pythoncom26.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\PyWinTypes26.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\select.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\unicodedata.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32api.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32com.shell.shell.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32crypt.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32event.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32file.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32inet.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32pdh.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\win32process.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\windows._cacheinvalidation.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._controls_.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._core_.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._gdi_.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._html2.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._misc_.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._windows_.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wx._wizard.pyd
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxbase293u_net_vc.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxbase293u_vc.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxmsw293u_adv_vc.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxmsw293u_core_vc.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxmsw293u_html_vc.dll
c:\users\Sinan\AppData\Local\Temp\_MEI24602\wxmsw293u_webview_vc.dll
c:\users\Sinan\AppData\Roaming\Help\coredb\storage
c:\users\Sinan\AppData\Roaming\mIRC\logs\status.log
c:\windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\@
c:\windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U\00000001.@
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-28 bis 2012-07-31 ))))))))))))))))))))))))))))))
.
.
2012-07-31 10:41 . 2012-07-31 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 23:29 . 2012-07-30 23:29 -------- d-----w- c:\users\Sinan\AppData\Roaming\Google Inc
2012-07-30 23:00 . 2012-07-30 23:00 -------- d-----w- c:\users\Sinan\AppData\Roaming\Malwarebytes
2012-07-30 23:00 . 2012-07-30 23:00 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 23:00 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 21:57 . 2012-07-30 23:20 -------- d-----w- c:\users\Sinan\AppData\Roaming\TeamViewer
2012-07-27 08:03 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB924125-FD92-42FD-979B-AC0E4B58E463}\mpengine.dll
2012-07-26 14:48 . 2012-07-26 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-07-26 14:48 . 2012-07-30 22:41 -------- d-----w- c:\users\Sinan\AppData\Roaming\Winamp
2012-07-20 11:11 . 2012-07-20 11:11 -------- d-----w- c:\users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-19 17:05 . 2012-07-31 09:15 -------- d-s---w- c:\users\Sinan\Google Drive
2012-07-17 16:19 . 2012-07-15 00:02 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-17 16:19 . 2012-07-17 16:19 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-17 16:19 . 2012-07-17 16:19 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-13 16:15 . 2012-07-13 16:27 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-11 13:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:51 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-11 08:27 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 21:20 . 2012-07-30 20:52 -------- d-----w- c:\users\Sinan\AppData\Roaming\.minecraft
2012-07-05 18:49 . 2012-07-05 18:49 -------- d-----w- c:\programdata\ATI
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files (x86)\AMD AVT
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-07-05 18:46 . 2012-07-05 18:46 -------- d-----w- c:\program files\ATI Technologies
2012-07-05 11:01 . 2012-07-05 11:01 -------- d-----w- c:\users\Sinan\SimpleJavaYoutubeUploader
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 16:21 . 2012-03-05 20:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-17 16:21 . 2012-03-05 21:16 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-17 16:21 . 2012-03-05 20:26 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-17 16:19 . 2012-03-05 20:26 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-11 13:52 . 2012-03-07 13:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:02 . 2012-06-11 18:02 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-06-11 18:02 . 2012-06-11 18:02 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-21 08:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 08:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 08:18 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2012-03-05 16:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 12:50 . 2012-03-05 16:14 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-14 12:50 . 2012-03-05 16:14 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-10 14:35 . 2012-05-10 14:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 14:35 . 2012-05-10 14:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06 . 2012-06-13 22:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 22:17 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 22:17 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:39 . !HASH: COULD NOT OPEN FILE !!!!! . 328704 . . [------] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"AVMUSBFernanschluss"="c:\users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-04-10 147456]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Facebook Update"="c:\users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"WinampAgent"="c:\tools\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Uiet_dcs;Uiet_dcs; [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-04-10 116096]
S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-27 283200]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job
- c:\users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-14 21:17]
.
2012-07-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job
- c:\users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-14 21:17]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 10:03]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 10:03]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job
- c:\users\Sinan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 16:21]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job
- c:\users\Sinan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sinan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sinan\AppData\Roaming\Mozilla\Firefox\Profiles\pdp3sgpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-31 12:43:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-31 10:43
.
Vor Suchlauf: 7 Verzeichnis(se), 36.277.731.328 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 36.086.726.656 Bytes frei
.
- - End Of File - - C50A638EC848F4919A4EA0704142D101
Grüße, Sinan [edit] Ich habe gerade mal im Ereignislog von Avira Antivir nachgesehen und folgendes bemerkt: Code:
ATTFilter In der Datei 'C:\Windows\System32\services.exe'
wurde ein Virus oder unerwünschtes Programm 'W32/Patched.UA' [virus] gefunden.
Ausgeführte Aktion: Datei löschen
Geändert von Sinan (31.07.2012 um 11:56 Uhr) |
|
31.07.2012, 13:38
| #6 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, wow, das Rootkit wird immer übler... OTL selbst CF konnte nicht an die inifzierte Datei ran (services.exe) (Hintergrund: Das Rootkit infiziert einen Treiber von Windows und versucht die Prüfsumme zu faken, das merkt üblicherweise CF und tauscht dann den Treiber aus. Avira hat den Treiber (hoffentlich) gelöscht (und Windows dann den richtigen "nachinstalliert"). Erstelle und poste noch ein neues OTL-Log, CF meldet einen nicht zuordenbaren Treiber (R3 Uiet_dcs;Uiet_dcs; [x]), mal sehen ob den OTL anzeigt. Dann noch bitte das hier: OSAM Prüft Programme/Treiber die gestartet werden online. Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread. chris
__________________ --> LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 |
|
31.07.2012, 13:56
| #7 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo Chris, danke für deine schnelle Antwort. Zuallererst die Anmerkung, dass selbige Meldung mit "W32/Patched.UA" seit dem ersten Mal etwa alle 10 Minuten erneut erscheint. Das OTL-Log Code:
ATTFilter OTL logfile created on: 31.07.2012 14:47:34 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,43% Memory free 15,97 Gb Paging File | 13,90 Gb Available in Paging File | 87,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 33,62 Gb Free Space | 28,22% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 278,68 Gb Free Space | 93,49% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 1565,71 Gb Free Space | 84,04% Space Free | Partition Type: NTFS Drive F: | 680,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia) PRC - C:\Windows\SysWOW64\HsMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._core_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._controls_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\windows._cacheinvalidation.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._windows_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._gdi_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._misc_.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\_ssl.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\unicodedata.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\pysqlite2._sqlite.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\pythoncom26.dll () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\_hashlib.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32com.shell.shell.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\pyexpat.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._wizard.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32file.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\pywintypes26.dll () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32api.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\_elementtree.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\_ctypes.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\wx._html2.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\_socket.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32inet.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32process.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32pdh.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32event.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\win32crypt.pyd () MOD - C:\Users\Sinan\AppData\Local\Temp\_MEI27402\select.pyd () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Programme\ASUS Xonar DS Audio\Customapp\VmixP8.dll () MOD - C:\Windows\SysWOW64\HsMgr.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 00 F5 10 6B FC CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Tools\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] [2012.03.06 14:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Extensions [2012.05.02 12:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Firefox\Profiles\pdp3sgpr.default\extensions [2012.05.04 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.04 10:15:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.18 12:48:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.04.27 10:00:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.27 10:00:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.27 10:00:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.27 10:00:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.27 10:00:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.27 10:00:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ig CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.de/ig CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VLC\npvlc.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Brushed = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\ CHR - Extension: YouTube = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Tampermonkey = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.5.29_0\ CHR - Extension: Usability Boost for Google Plus\u2122 = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0\ CHR - Extension: FB Photo Zoom = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\ CHR - Extension: Vanilla Cookie Manager = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.2.0_0\ CHR - Extension: AdBlock = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Downloads = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Beautify G+ = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkpajolelcpmhkbcnmoaafpmfkepohl\0.1.1_0\ CHR - Extension: +1 Button - Plus One Button = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0\ CHR - Extension: Google Mail-Checker = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\ CHR - Extension: Google Mail = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.03.08 23:21:51 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe () O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe () O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software) O4 - HKCU..\Run: [Facebook Update] C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FF9B21-0184-40E3-A709-7E97749BB03D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.12.06 18:02:42 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.31 13:26:55 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.31 13:26:55 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.31 12:42:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.31 12:38:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.31 12:38:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.31 12:38:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.31 12:38:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.31 12:38:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.31 12:35:02 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\Sinan\Desktop\ComboFix.exe [2012.07.31 01:29:52 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Google Inc [2012.07.31 01:00:26 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Malwarebytes [2012.07.31 01:00:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.31 01:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.31 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Help [2012.07.30 23:57:17 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\TeamViewer [2012.07.27 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.26 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.07.26 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.07.26 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Winamp [2012.07.26 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Desktop\minecraft [2012.07.20 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.19 19:05:11 | 000,000,000 | --SD | C] -- C:\Users\Sinan\Google Drive [2012.07.19 19:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012.07.17 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.17 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.07.11 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.07.11 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Documents\My Curse [2012.07.11 15:52:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 15:52:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 15:52:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 15:52:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 15:52:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 15:52:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 15:52:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 15:52:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 15:51:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 15:51:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 15:51:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 15:51:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 15:51:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 10:27:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 10:27:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 10:27:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 10:27:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 10:27:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.09 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.07.05 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.05 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.07.05 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.07.05 20:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.05 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.05 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Sinan\SimpleJavaYoutubeUploader ========== Files - Modified Within 30 Days ========== [2012.07.31 14:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 14:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 14:13:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.31 13:26:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.31 13:26:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.31 12:53:50 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 12:53:50 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 12:50:06 | 001,612,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.31 12:50:06 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.31 12:50:06 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.31 12:50:06 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.31 12:50:06 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.31 12:45:42 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.31 12:45:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 12:35:07 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\Sinan\Desktop\ComboFix.exe [2012.07.31 02:54:21 | 000,007,624 | ---- | M] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.07.31 01:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 01:00:20 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 23:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.30 16:08:55 | 000,381,928 | ---- | M] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 18:55:00 | 000,000,724 | ---- | M] () -- C:\Users\Sinan\Desktop\World of Warcraft.lnk [2012.07.29 17:26:48 | 000,001,126 | ---- | M] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:07:35 | 000,096,199 | ---- | M] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.27 11:24:32 | 000,001,336 | ---- | M] () -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.07.26 16:48:07 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | M] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.18 16:43:48 | 000,001,355 | ---- | M] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.07.17 18:21:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.17 18:19:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.17 16:28:37 | 000,001,345 | ---- | M] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.15 02:02:56 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.13 18:15:32 | 000,000,697 | ---- | M] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | M] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.11 15:54:23 | 004,832,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.31 12:38:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.31 12:38:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.31 12:38:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.31 12:38:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.31 12:38:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.31 01:00:20 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 15:50:20 | 000,381,928 | ---- | C] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 17:26:23 | 000,001,126 | ---- | C] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:05:29 | 000,096,199 | ---- | C] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.26 16:48:07 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | C] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.17 18:19:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.17 16:28:37 | 000,001,345 | ---- | C] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.13 18:15:32 | 000,000,697 | ---- | C] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 20:03:50 | 000,000,318 | ---- | C] () -- C:\Users\Sinan\Desktop\Curse Client.appref-ms [2012.07.05 13:01:39 | 000,001,355 | ---- | C] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.18 11:18:37 | 000,007,624 | ---- | C] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.04.10 23:44:28 | 000,245,592 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.04.10 23:44:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.03.08 14:33:22 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2012.03.08 14:33:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.03.08 14:33:22 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat [2012.03.07 15:42:40 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.05 22:26:55 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.05 22:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.05 19:21:55 | 000,000,079 | ---- | C] () -- C:\Users\Sinan\AppData\Local\CrystalDiskMark30.ini [2012.03.05 18:57:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.05 18:57:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.05 18:57:47 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.05 18:57:47 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.05 18:57:45 | 000,000,892 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.05 18:57:43 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.05 18:57:43 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.03.05 17:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.22 01:23:54 | 000,007,250 | ---- | C] () -- C:\Windows\SysWow64\dfscacm.dll [2011.03.22 01:23:52 | 000,006,223 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 1061 bytes -> C:\Users\Sinan\AppData\Local\Temp:XZiEAUssdNqAq02mkh9H5N < End of report > Code:
ATTFilter Fehler 101 (net::ERR_CONNECTION_RESET): Verbindung wurde zurückgesetzt.
Grüße, Sinan [edit] Nun hat der Download von OSAM funktioniert. Log reiche ich sofort nach. So bitteschön, der Inhalt der Logfiles von OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:02:42 on 31.07.2012 OS: Windows 7 Service Pack 1 (Build 7601), 64-bit Default Browser: Google Inc. Google Chrome 20.0.1132.57 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job" - "Facebook Inc." - C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job" - "Facebook Inc." - C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job" - "Google Inc." - C:\Users\Sinan\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job" - "Google Inc." - C:\Users\Sinan\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "CmiCnfgp.cpl" - ? - C:\Windows\system32\CmiCnfgp.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "asrez757" (asrez757) - "Advanced Micro Devices" - C:\Windows\system32\drivers\asrez757.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "speedfan" (speedfan) - "Almico Software" - C:\Windows\SysWOW64\speedfan.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) "Facebook Messenger.lnk" - "Facebook" - C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun "Dxtory Update Checker 2.0" - "Dxtory Software" - C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe "Facebook Update" - "Facebook Inc." - "C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "GoogleDriveSync" - "Google" - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart "Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS5.5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "WinampAgent" - "Nullsoft, Inc." - C:\Tools\Winamp\winampa.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File not found) "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "Uiet_dcs" (Uiet_dcs) - ? - C:\Windows\system32\drivers\Uiet_dcs.sys (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [edit2] Die Meldung mit der services.exe kommt nun etwa jede Minute. Ich bin kurz davor, alles plattzumachen.. Fühle mich in dem System nicht mehr sicher. Geändert von Sinan (31.07.2012 um 14:39 Uhr) |
|
31.07.2012, 15:04
| #8 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, OSAM hat ein weiteres File mit Rootkitaktivitäten gefunden... aber so leicht geben wir uns nicht geschlagen... ;o) Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\system32\drivers\asrez757.sys
Wenn das File erkannt wird, wie folgt vorgehen (sonst lass [Drivers] und das File weg, den anderen Eintrag unter Services auf jeden Fall killen lassen): Fix für OSAM:
Code:
ATTFilter [Drivers]
"asrez757" (asrez757) - "Advanced Micro Devices" - C:\Windows\system32\drivers\asrez757.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
[Services]
"Uiet_dcs" (Uiet_dcs) - ? - C:\Windows\system32\drivers\Uiet_dcs.sys (File not found)
 So, einen haben wir noch (eigentlich zwei) Hitmann und wenn der nicht rankommt, von außen (per Boot-CD) scannen: Hitman Lade Dir die passende Version von Hitman runter (32/64Bit), laufen lassen und Log posten. ACHTUNG: Firewall muss für Hitman geöffnet sein (Zugriff unbedingt erlauben!) Downloads - SurfRight Für die Beseitigung kann eine temp. Lizenz (30 Tage) georderter werden (gibt dazu einen Reiter ;o)... . Nach den 30 Tagen deinstallieren, dann entfernt er nichts mehr (außer Ihr erwerbt eine Lizenz)... Kaspersky-Rettungsdisk erstellen Folge den Anweisungen hier und erstelle ein Boot-CD wie folgt: http://www.trojaner-board.de/83997-k...scue-disk.html. Stelle nun die Bootreihenfolge im BIOS um (auf CD/DVD an erster Stelle). Folge den Anweisungen hier: Bootreihenfolge ändern: Startreihenfolge im BIOS ändern CD einlegen und von CD booten, folgender Anleitung folgen (ggf. vorher ausdrucken): http://www.trojaner-board.de/106845-...sunlocker.html Die ist zwar gemünzt auf den Unlocker, Kaspersky sollte aber trotzdem was finden... Nach dem Scannen und der Beseitigung ev. vorhandener Malware, bitte neu booten (CD entnehmen!) und das Log hier im Thread posten (http://www.trojaner-board.de/106845-...tml#post741482) chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
31.07.2012, 15:29
| #9 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo Chris, die asrez757.sys existiert scheinbar nicht mehr. Weder über das Dialogfeld auf VirusTotal auffindbar noch manuell über den Explorer.  OSAM-Settings habe ich aufgerufen, allerdings sagt er mir bei einem Klick auf "Disable objects using the driver", dass das auf 64-bit Systemen nicht verfügbar ist. Hitman habe ich erstmal nicht heruntergeladen, da ich denke, dass die Schritte davor für dessen Erfolg obligatorisch sind. Grüße, Sinan |
|
01.08.2012, 07:13
| #10 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, lass mal Hitmann von der Leine, der ist eigentlich recht gut... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.08.2012, 07:50
| #11 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo chris, Hitman habe ich gestartet, die Testlizenz erworben und einen Scan gemacht. Wie erwartet hat er die services.exe beanstandet und wollte sie bei einem Reboot löschen/ersetzen. Gesagt, getan.. Leider habe ich vor lauter Verplantheit dieses Mal vergessen, ein Log zu speichern. Habe Hitman noch einmal durchlaufen lassen, außer einem Tracking-Cookie von Doubleclick und drei Files von Punkbuster hat er nichts mehr gefunden. Kann ich mir nun sicher sein, dass das System sauber ist? Wollte heute Nachmittag nach der Prüfung sogar das System neu aufsetzen. Gibt es Schritte, die wir jetzt noch erledigen können, um uns ganz sicher zu sein? Auf alle Fälle soweit schon mal vielen vielen Dank für deine Hilfe!  Würde mich über einen Spendenlink freuen, wenn du so etwas hast.Grüße, Sinan [edit] Auch Avira meldet im Ereignislog nichts mehr. [edit2] Der PC versucht übrigens immer noch, eine Software von AVM zu installieren. Ist wohl aber auch verständlich, da Registrierungsschlüssel bzw. alle anderen Dateien von der ursprünglichen Software noch vorhanden sein dürften (außer der .exe, die infiziert wurde). Sollte da eine einfache Deinstallation über die Systemsteuerung ausreichen? |
|
01.08.2012, 08:24
| #12 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, erstelle und poste nochmal ein neues OTL-Log, ich schau nochmal durch... Das war jetzt eine ziemlich schwere Geburt... der Rootkit wird immer übler zu entfernen... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.08.2012, 08:37
| #13 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo chris, hier das gewünschte OTL-Fullscan-Log Code:
ATTFilter OTL logfile created on: 01.08.2012 09:33:17 - Run 4 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,07% Memory free 15,97 Gb Paging File | 13,57 Gb Available in Paging File | 84,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 33,35 Gb Free Space | 27,99% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 293,64 Gb Free Space | 98,51% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 1759,37 Gb Free Space | 94,44% Space Free | Partition Type: NTFS Computer Name: SINAN-PC | User Name: Sinan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.) PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe (CMedia) PRC - C:\Windows\SysWOW64\HsMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Programme\ASUS Xonar DS Audio\Customapp\VmixP8.dll () MOD - C:\Windows\SysWOW64\HsMgr.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 00 F5 10 6B FC CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Tools\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sinan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 23:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 12:48:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.26 16:48:07 | 000,000,000 | ---D | M] [2012.03.06 14:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Extensions [2012.05.02 12:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinan\AppData\Roaming\mozilla\Firefox\Profiles\pdp3sgpr.default\extensions [2012.05.04 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.04 10:15:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.18 12:48:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.04.27 10:00:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.27 10:00:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.27 10:00:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.27 10:00:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.27 10:00:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.27 10:00:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ig CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.de/ig CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Tools\VLC\npvlc.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Brushed = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\ CHR - Extension: YouTube = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Tampermonkey = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.5.29_0\ CHR - Extension: Usability Boost for Google Plus\u2122 = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0\ CHR - Extension: FB Photo Zoom = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\ CHR - Extension: Vanilla Cookie Manager = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.2.0_0\ CHR - Extension: AdBlock = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Downloads = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Beautify G+ = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkpajolelcpmhkbcnmoaafpmfkepohl\0.1.1_0\ CHR - Extension: +1 Button - Plus One Button = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0\ CHR - Extension: Google Mail-Checker = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\ CHR - Extension: Google Mail = C:\Users\Sinan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.03.08 23:21:51 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe () O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe () O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Tools\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Sinan\AppData\Local\Apps\2.0\WJ9XW3JD.Q96\OTJDQ9CX.66J\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software) O4 - HKCU..\Run: [Facebook Update] C:\Users\Sinan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sinan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Sinan\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FF9B21-0184-40E3-A709-7E97749BB03D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.01 08:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.07.31 13:26:55 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.31 13:26:55 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.31 12:42:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.31 12:38:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.31 12:38:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.31 12:38:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.31 12:38:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.31 12:38:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.31 12:35:02 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\Sinan\Desktop\ComboFix.exe [2012.07.31 01:29:52 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Google Inc [2012.07.31 01:00:26 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Malwarebytes [2012.07.31 01:00:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.31 01:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.31 00:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Help [2012.07.30 23:57:17 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\TeamViewer [2012.07.27 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.26 16:48:07 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.07.26 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.07.26 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Winamp [2012.07.26 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Desktop\minecraft [2012.07.20 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.19 19:05:11 | 000,000,000 | --SD | C] -- C:\Users\Sinan\Google Drive [2012.07.17 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.07.17 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.07.11 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.07.11 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\Sinan\Documents\My Curse [2012.07.11 15:52:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 15:52:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 15:52:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 15:52:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 15:52:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 15:52:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 15:52:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 15:52:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 15:51:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 15:51:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 15:51:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 15:51:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 15:51:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 10:27:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 10:27:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 10:27:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 10:27:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 10:27:18 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.09 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sinan\AppData\Roaming\.minecraft [2012.07.05 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.05 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.07.05 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.05 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.07.05 20:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.07.05 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.05 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.05 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Sinan\SimpleJavaYoutubeUploader ========== Files - Modified Within 30 Days ========== [2012.08.01 09:13:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.01 08:49:50 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 08:49:50 | 000,017,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 08:47:15 | 001,612,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 08:47:15 | 000,698,514 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 08:47:15 | 000,652,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 08:47:15 | 000,148,570 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 08:47:15 | 000,121,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.01 08:42:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.01 08:42:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.01 08:39:07 | 000,000,958 | ---- | M] () -- C:\Windows\SysNative\.crusader [2012.08.01 08:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 20:22:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000UA.job [2012.07.31 13:26:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.31 13:26:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.31 12:35:07 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\Sinan\Desktop\ComboFix.exe [2012.07.31 02:54:21 | 000,007,624 | ---- | M] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.07.31 01:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.31 01:00:20 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 23:22:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2549378726-1747224767-639920088-1000Core.job [2012.07.30 16:08:55 | 000,381,928 | ---- | M] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 18:55:00 | 000,000,724 | ---- | M] () -- C:\Users\Sinan\Desktop\World of Warcraft.lnk [2012.07.29 17:26:48 | 000,001,126 | ---- | M] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:07:35 | 000,096,199 | ---- | M] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.27 11:24:32 | 000,001,336 | ---- | M] () -- C:\Users\Sinan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.07.26 16:48:07 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | M] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.18 16:43:48 | 000,001,355 | ---- | M] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.07.17 18:21:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.07.17 18:21:26 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.17 18:19:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.07.17 16:28:37 | 000,001,345 | ---- | M] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.15 02:02:56 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.13 18:15:32 | 000,000,697 | ---- | M] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.11 15:54:23 | 004,832,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.08.01 08:39:07 | 000,000,958 | ---- | C] () -- C:\Windows\SysNative\.crusader [2012.07.31 12:38:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.31 12:38:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.31 12:38:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.31 12:38:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.31 12:38:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.31 01:00:20 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 15:50:20 | 000,381,928 | ---- | C] () -- C:\Users\Sinan\Desktop\items.png [2012.07.29 17:26:23 | 000,001,126 | ---- | C] () -- C:\Users\Sinan\Desktop\Minecraft.lnk [2012.07.28 23:05:29 | 000,096,199 | ---- | C] () -- C:\Users\Sinan\Desktop\steamspieleahoi.png [2012.07.26 16:48:07 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2012.07.22 18:27:25 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\So Blonde.lnk [2012.07.20 15:43:15 | 000,001,556 | ---- | C] () -- C:\Users\Sinan\Desktop\Spiele.lnk [2012.07.17 18:19:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.17 16:28:37 | 000,001,345 | ---- | C] () -- C:\Users\Sinan\Desktop\Vorlagen.lnk [2012.07.13 18:15:32 | 000,000,697 | ---- | C] () -- C:\Users\Sinan\Desktop\Steam.lnk [2012.07.05 13:01:39 | 000,001,355 | ---- | C] () -- C:\Users\Sinan\Desktop\Simple Java Youtube Uploader.lnk [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.18 11:18:37 | 000,007,624 | ---- | C] () -- C:\Users\Sinan\AppData\Local\Resmon.ResmonCfg [2012.04.10 23:44:28 | 000,245,592 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.04.10 23:44:28 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.03.08 14:33:22 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2012.03.08 14:33:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.03.08 14:33:22 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat [2012.03.07 15:42:40 | 001,593,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.05 22:26:55 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.05 22:26:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.05 19:21:55 | 000,000,079 | ---- | C] () -- C:\Users\Sinan\AppData\Local\CrystalDiskMark30.ini [2012.03.05 18:57:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.05 18:57:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.03.05 18:57:47 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.03.05 18:57:47 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.03.05 18:57:45 | 000,000,892 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.03.05 18:57:43 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.03.05 18:57:43 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini [2012.03.05 17:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.22 01:23:54 | 000,007,250 | ---- | C] () -- C:\Windows\SysWow64\dfscacm.dll [2011.03.22 01:23:52 | 000,006,223 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 1061 bytes -> C:\Users\Sinan\AppData\Local\Temp:XZiEAUssdNqAq02mkh9H5N < End of report > |
|
01.08.2012, 13:42
| #14 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hi, sieht gut aus... Ich will mal schauen, ob es sich lohnt die Viecher zu uns hochzuladen: Scan mit SystemLook Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop. 32Bit 64Bit
Code:
ATTFilter
:dir
c:\_otl /s
C:\Qoobox\Quarantine /s
Ansonsten sieht es gut, wir bereinigen noch ein paar Tools (später, ach einem ev. erfolgten Upload)... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.08.2012, 13:46
| #15 |
| | LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 Hallo chris, hier der Inhalt vom Logfile von SystemLook: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 14:45 on 01/08/2012 by Sinan
Administrator - Elevation successful
========== dir ==========
c:\_otl - Unable to find folder.
C:\Qoobox\Quarantine - Parameters: "/s"
---Files---
catchme.log --a---- 51 bytes [10:38 31/07/2012] [10:38 31/07/2012]
C:\Qoobox\Quarantine\C d------ [10:38 31/07/2012]
C:\Qoobox\Quarantine\C\Users d------ [10:40 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan d------ [10:40 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData d------ [10:40 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Local d------ [10:40 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Local\Temp d------ [10:40 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Local\Temp\_MEI24602 d------ [10:40 31/07/2012]
pyexpat.pyd.vir --a---- 153088 bytes [09:15 31/07/2012] [09:15 31/07/2012]
pysqlite2._sqlite.pyd.vir --a---- 571392 bytes [09:15 31/07/2012] [09:15 31/07/2012]
python26.dll.vir --a---- 2149888 bytes [09:15 31/07/2012] [09:15 31/07/2012]
pythoncom26.dll.vir --a---- 354304 bytes [09:15 31/07/2012] [09:15 31/07/2012]
PyWinTypes26.dll.vir --a---- 110592 bytes [09:15 31/07/2012] [09:15 31/07/2012]
select.pyd.vir --a---- 11776 bytes [09:15 31/07/2012] [09:15 31/07/2012]
unicodedata.pyd.vir --a---- 585728 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32api.pyd.vir --a---- 96256 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32com.shell.shell.pyd.vir --a---- 263168 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32crypt.pyd.vir --a---- 11776 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32event.pyd.vir --a---- 17920 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32file.pyd.vir --a---- 111104 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32inet.pyd.vir --a---- 39424 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32pdh.pyd.vir --a---- 22528 bytes [09:15 31/07/2012] [09:15 31/07/2012]
win32process.pyd.vir --a---- 36352 bytes [09:15 31/07/2012] [09:15 31/07/2012]
windows._cacheinvalidation.pyd.vir --a---- 1018368 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._controls_.pyd.vir --a---- 1056256 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._core_.pyd.vir --a---- 1169408 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._gdi_.pyd.vir --a---- 792576 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._html2.pyd.vir --a---- 70656 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._misc_.pyd.vir --a---- 731136 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._windows_.pyd.vir --a---- 807424 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wx._wizard.pyd.vir --a---- 121856 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxbase293u_net_vc.dll.vir --a---- 152576 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxbase293u_vc.dll.vir --a---- 1972224 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxmsw293u_adv_vc.dll.vir --a---- 1214976 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxmsw293u_core_vc.dll.vir --a---- 4555264 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxmsw293u_html_vc.dll.vir --a---- 593408 bytes [09:15 31/07/2012] [09:15 31/07/2012]
wxmsw293u_webview_vc.dll.vir --a---- 81920 bytes [09:15 31/07/2012] [09:15 31/07/2012]
_ctypes.pyd.vir --a---- 73728 bytes [09:15 31/07/2012] [09:15 31/07/2012]
_elementtree.pyd.vir --a---- 86016 bytes [09:15 31/07/2012] [09:15 31/07/2012]
_hashlib.pyd.vir --a---- 311808 bytes [09:15 31/07/2012] [09:15 31/07/2012]
_socket.pyd.vir --a---- 40448 bytes [09:15 31/07/2012] [09:15 31/07/2012]
_ssl.pyd.vir --a---- 645120 bytes [09:15 31/07/2012] [09:15 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Roaming d------ [10:41 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Roaming\Help d------ [10:41 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Roaming\Help\coredb d------ [10:41 31/07/2012]
storage.vir --a---- 7496 bytes [22:01 30/07/2012] [00:05 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Roaming\mIRC d------ [10:41 31/07/2012]
C:\Qoobox\Quarantine\C\Users\Sinan\AppData\Roaming\mIRC\logs d------ [10:41 31/07/2012]
status.log.vir --a---- 1191 bytes [16:24 20/06/2012] [18:51 20/06/2012]
C:\Qoobox\Quarantine\C\Windows d------ [10:38 31/07/2012]
C:\Qoobox\Quarantine\C\Windows\Installer d------ [10:38 31/07/2012]
C:\Qoobox\Quarantine\C\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f} d------ [10:38 31/07/2012]
@.vir --a---- 2048 bytes [11:17 06/03/2012] [06:41 17/11/2011]
C:\Qoobox\Quarantine\C\Windows\Installer\{29faad88-d494-32dc-20cb-b161cbd02f3f}\U d------ [10:38 31/07/2012]
00000001.@.vir --a---- 1712 bytes [09:15 31/07/2012] [09:15 31/07/2012]
C:\Qoobox\Quarantine\C\Windows\SysWOW64 d------ [10:41 31/07/2012]
DEBUG.log.vir --a---- 0 bytes [09:17 18/05/2012] [09:17 18/05/2012]
C:\Qoobox\Quarantine\Registry_backups d------ [10:38 31/07/2012]
AddRemove-Battlelog Web Plugins.reg.dat --a---- 1164 bytes [10:43 31/07/2012] [10:43 31/07/2012]
AddRemove-PunkBusterSvc.reg.dat --a---- 2966 bytes [10:43 31/07/2012] [10:43 31/07/2012]
tcpip.reg --a---- 4241 bytes [10:40 31/07/2012] [10:40 31/07/2012]
-= EOF =-
|
|
| Themen zu LicenseValidator.exe/UpdateChecker.exe, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 |
| adblock, antivir, avira, avira antivir, c:\windows, dateien, erweiterungen, exploit.drop.cod, fb photo zoom, firefox, forum, google, install.exe, langs, launch, löschen, mbam, musik, neues, neustart, nichts, officejet, ordner, plug-in, starten, taskmanager, tr/atraps.gen, tr/atraps.gen und tr/atraps.gen2, unbekannte, update, upload, version, verursacht, windows |
Linear-Darstellung
