
Log analysis and evaluation: Facebook trojan: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)

Windows 7

 
20.08.2012, 19:42   #1
sukai

Facebook trojan: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)



Hello, first of all.

So, about my problem: this morning I received a message on Facebook from a friend with a screensaver as an attachment, and when I tried to open it, it did not work; I thought nothing more of it and deleted it. When I switched the laptop back on a few hours later, McAfee told me that I had a trojan on the PC and that the problem would be fixed if I restarted, but it was not, because the message kept coming back. I restarted about 5 times, but without any change. I then googled a bit and read that there are various trojan removers, so I tried two of them without success: one was called Trojan Remover and the other was McAfee-Stinger, and both were current as of 17.08.12. Both reported under findings: Master Boot Records: 1; Boot Sector: 1. I also set Stinger to delete, but that did not help either, because the virus could still be found afterwards. Now I hope that you can help me.

So these are the two trojans:

Desktop.ini (C:\\Windows\assembly\GAC_64\Desktop.ini)
Desktop.ini (C:\\Windows\assembly\GAC_32\Desktop.ini)

And the logfile (created with OTL) is here; unfortunately I could not upload it because it was too large. Unfortunately I do not know what to do with it, so if there is anything I can do, please write to me.

OTL Logfile:
Code:
OTL logfile created on: 20.08.2012 20:23:09 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Saskia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,77% Memory free
7,80 Gb Paging File | 5,31 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,63 Gb Total Space | 398,46 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: SASKIA-VAIO | User Name: Saskia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Saskia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (MOBK649backup) -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAWFwk) -- c:\Programme\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_VDP) -- C:\Windows\SysNative\drivers\btath_vdp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MOBK649Filter) -- C:\Windows\SysNative\drivers\MOBK649.sys (Mozy, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.08 20:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.08 20:05:13 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.searchcanvas.com/?ot=6
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.searchcanvas.com/?ot=6
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Dolce&Gabbana = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\
CHR - Extension: YouTube to MP3 Converter = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\
CHR - Extension: Webcam Toy = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\
CHR - Extension: Qtube = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120808134733.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120808134734.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BD1628F-DBBC-4511-9909-604C66370048}: DhcpNameServer = 192.54.112.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF2AEF0-23A1-4B0E-BA0E-D09424F4A880}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell - "" = AutoRun
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 19:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.08.20 19:18:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.08.20 19:07:38 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.08.20 19:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.08.20 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Simply Super Software
[2012.08.20 18:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.08.20 18:54:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.08.20 18:47:46 | 010,488,608 | ---- | C] (Simply Super Software                                       ) -- C:\Users\Saskia\Desktop\trjsetup682.exe
[2012.08.20 09:30:56 | 000,000,000 | RHSD | C] -- C:\Users\Saskia\M-10-6897-8685-3464
[2012.08.19 01:03:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.18 00:17:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\PhotoScape
[2012.08.18 00:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.08.18 00:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.08.17 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Programs
[2012.08.17 23:45:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\SoftGrid Client
[2012.08.17 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client
[2012.08.17 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.17 23:45:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\WebCam Media
[2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.17 23:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.08.17 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\TP
[2012.08.16 12:59:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\CrashDumps
[2012.08.15 23:50:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 23:50:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 23:50:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 23:50:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 23:50:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 23:50:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 23:50:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 23:50:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 23:50:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 23:50:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 23:50:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 23:50:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 23:50:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Windows Live
[2012.08.15 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\{F7FE94E3-298B-4C11-8E1C-E9F37E0AF4A1}
[2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Apple Computer
[2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple Computer
[2012.08.15 20:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.15 20:28:50 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.08.15 20:28:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.08.15 20:28:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.08.15 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.08.15 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple
[2012.08.15 20:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.08.15 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.08.15 16:13:09 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 16:12:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 16:12:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 16:12:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 16:06:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 16:06:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 16:06:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 16:06:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.13 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\ArcSoft
[2012.08.13 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\ArcSoft
[2012.08.12 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft Games
[2012.08.08 17:51:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.08.08 17:39:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.08.08 17:39:57 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.08.08 17:39:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.08.08 14:13:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.08.08 14:13:17 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.08.08 14:13:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.08.08 13:48:29 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.08.08 13:48:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.08.08 13:48:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.08.08 13:48:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.08.08 12:29:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.08 12:29:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.08.08 12:29:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.08.08 12:27:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.08.08 12:27:54 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.08.08 12:16:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.08 11:11:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.08.08 11:11:31 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.08.08 10:01:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.08.08 10:01:00 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.08.08 10:00:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.08.08 09:53:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.08.08 09:53:11 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.08.08 09:53:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.08.08 08:23:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.08.08 08:23:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.08.08 08:21:03 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2012.08.08 08:17:12 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.08 08:17:12 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.08 08:17:12 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.08 08:16:52 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.08.08 08:16:52 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.08.08 08:16:52 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.08.08 08:16:38 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.08 08:16:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.08 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Skype
[2012.08.07 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.07 18:11:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Sony PMB
[2012.08.07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Google
[2012.08.07 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apps
[2012.08.07 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Deployment
[2012.08.07 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Adobe
[2012.08.07 18:02:49 | 000,000,000 | ---D | C] -- C:\Update
[2012.08.07 18:01:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Sony Corporation
[2012.08.07 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Atheros
[2012.08.07 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Intel Corporation
[2012.08.07 17:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2012.08.07 17:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\BMExplorer
[2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Bluetooth Folder
[2012.08.07 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Atheros
[2012.08.07 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Sony Corporation
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Searches
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.07 17:57:58 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Identities
[2012.08.07 17:57:56 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Contacts
[2012.08.07 17:57:54 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VirtualStore
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Vorlagen
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Verlauf
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Temporary Internet Files
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Startmenü
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\SendTo
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Recent
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Netzwerkumgebung
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Lokale Einstellungen
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Videos
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Musik
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Eigene Dateien
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Bilder
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Druckumgebung
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Cookies
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Anwendungsdaten
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Anwendungsdaten
[2012.08.07 17:56:16 | 000,000,000 | --SD | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Videos
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Saved Games
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Pictures
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Music
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Links
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Favorites
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Downloads
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Documents
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Desktop
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.07 17:56:16 | 000,000,000 | -H-D | C] -- C:\Users\Saskia\AppData
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Temp
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Media Center Programs
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Macromedia
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.07 16:52:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 20:23:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job
[2012.08.20 20:13:59 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 19:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 19:54:41 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.20 18:54:13 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.08.20 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 18:53:47 | 010,488,608 | ---- | M] (Simply Super Software                                       ) -- C:\Users\Saskia\Desktop\trjsetup682.exe
[2012.08.19 01:03:34 | 001,642,498 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.19 01:03:34 | 000,697,532 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.19 01:03:34 | 000,652,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.19 01:03:34 | 000,148,538 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.19 01:03:34 | 000,121,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.18 00:22:51 | 000,005,120 | -H-- | M] () -- C:\Users\Saskia\Desktop\photothumb.db
[2012.08.18 00:14:15 | 000,001,035 | ---- | M] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk
[2012.08.17 23:58:48 | 000,016,279 | ---- | M] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel
[2012.08.16 12:58:10 | 000,300,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 20:28:57 | 000,001,801 | ---- | M] () -- C:\Users\Saskia\Desktop\iTunes.lnk
[2012.08.15 19:05:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:05:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 16:52:38 | 000,002,461 | ---- | M] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk
[2012.08.14 15:55:18 | 000,000,393 | ---- | M] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.08.13 22:15:09 | 000,007,195 | ---- | M] () -- C:\Windows\SysWow64\SystemData.xml
[2012.08.10 18:26:41 | 001,613,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 08:23:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job
[2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.20 18:54:13 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.08.20 18:54:09 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.08.20 18:54:09 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.08.20 18:54:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.08.20 18:54:09 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.08.20 16:57:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@
[2012.08.18 00:17:35 | 000,005,120 | -H-- | C] () -- C:\Users\Saskia\Desktop\photothumb.db
[2012.08.18 00:14:15 | 000,001,035 | ---- | C] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk
[2012.08.17 23:58:48 | 000,016,279 | ---- | C] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel
[2012.08.15 20:28:57 | 000,001,801 | ---- | C] () -- C:\Users\Saskia\Desktop\iTunes.lnk
[2012.08.15 20:24:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.14 15:55:17 | 000,000,393 | ---- | C] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.08.13 22:15:09 | 000,007,195 | ---- | C] () -- C:\Windows\SysWow64\SystemData.xml
[2012.08.07 19:10:40 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.08.07 18:45:58 | 000,002,461 | ---- | C] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk
[2012.08.07 18:07:46 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job
[2012.08.07 18:07:46 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job
[2012.08.07 17:58:29 | 000,001,409 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.07 17:58:19 | 000,001,443 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:45 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
[2012.08.07 16:52:07 | 3142,864,896 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.09 18:28:10 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.03.15 21:57:54 | 013,206,016 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.15 21:57:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.15 21:57:54 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.15 21:57:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.15 21:57:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 01:03:27 | 001,642,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.08.18 00:20:45 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\PhotoScape
[2012.08.20 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software
[2012.08.18 01:21:50 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client
[2012.08.17 23:46:02 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,011,710 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         


I hope you can help me, I don't know what else to do ^^
I can't reinstall it because I don't have an operating system on CD.
Sorry if there is already a similar thread; I couldn't find one.



Regards~
Sukai

Edited by sukai (20.08.2012 at 19:52)

 

    Plagegeister aller Art und deren Bekämpfung - 29.08.2011 (13)
  16. Facebook Trojaner/Virus Windows Vista
    Mülltonne - 28.08.2011 (2)
  17. TR/ATRAPS.Gen2 (Troianer) in 'C:\Windows\assembly\tmp\U\800000cf.@'
    Plagegeister aller Art und deren Bekämpfung - 19.08.2011 (28)

Zum Thema Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) - Hallo erstmal. Also zu meinen Problem; es ist so ich habe heute in der früh in Facebook von einer Freundin eine Nachricht mit einen Bildschirmschoner als Anhang bekommen und alles - Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)...
Archiv
Du betrachtest: Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.