Log Analysis and Evaluation: FUD trojan on my PC (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.09.2012, 17:15 | #1

Hello everyone, I have a very big problem. I have a virus on my PC that can do anything it wants with me. The hacker or virus even chats with me. In any case, I don't want to format my PC. Is there a solution to remove the virus? He says he has crypted it and that it's FUD. He says he now has me on his PC forever. Please help.
19.09.2012, 20:36 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Should our crystal ball guess what is lurking on your PC, or will you make the effort to post the findings and all the other required information?! Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
19.09.2012, 21:34 | #3

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:30, on 19.09.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\EslWire\inGame32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.95\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.203\deploy\LolClient.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\sHaXx\Downloads\HiJackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: icqBHO - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\sHaXx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C94143684EBDCB38A44E45CF67FD0DC] "C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11846 bytes
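As an added illustration of how a log reader triages a HijackThis report like the one above (this is editorial example code, not part of the thread and not the board's own tooling): a small Python script that splits the report into entries, extracts the on-disk path, and flags the items worth a second look: toolbar/adware vendor markers (facemoods, Babylon, Spigot/YTD, ICQ toolbar, anonymize-me), an Internet Explorer start/search page that is not the Windows default, an orphaned URLSearchHook with "(no file)", and Windows services reported "(file missing)". The sample input is ten lines copied from the posted log; the marker list and the classification rules are my own assumptions for the example, not an authoritative signature set.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample input: ten lines copied from the HijackThis log posted above,
# chosen to cover each entry type the rules below look at. "hxxp" is the log's own
# defanged spelling of http.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
""".strip()

# ASSUMPTION: vendor/product strings a log reader would treat as browser-toolbar adware
# or search hijackers. Illustrative only; this is not an authoritative signature list.
PUP_MARKERS = ("facemoods", "babylon", "spigot", "ytd toolbar", "icq6toolbar", "anonymize-me")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')   # first drive-letter path; stops at a closing quote
MISSING = "(file missing)"

Entry = Dict[str, Optional[str]]
Finding = Dict[str, Any]


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis report into entries: section code, raw body and on-disk path (if any)."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the "Running processes:" list carry no section code
        body = m.group("body")
        path = None
        p = PATH_RE.search(body)
        if p:
            path = p.group(0)
            if path.endswith(MISSING):
                path = path[: -len(MISSING)].rstrip()
        entries.append({"code": m.group("code"), "body": body, "path": path})
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply simple heuristics; return only the entries that deserve a closer look."""
    findings: List[Finding] = []
    for e in entries:
        body = str(e["body"])
        body_l = body.lower()
        path_l = (e["path"] or "").lower()
        reasons: List[Tuple[str, str]] = []

        hits = [mk for mk in PUP_MARKERS if mk in body_l]
        if hits:
            reasons.append(("pup", "toolbar/adware marker: " + ", ".join(hits)))
        if "(no file)" in body_l:
            reasons.append(("orphan", "registry entry points to a file that no longer exists"))
        if e["code"] in ("R0", "R1") and "hxxp" in body_l and "microsoft.com" not in body_l:
            reasons.append(("nondefault", "IE start/search page is not the Windows default"))
        if e["code"] == "O23" and MISSING in body and path_l.startswith("c:\\windows\\"):
            # On 64-bit Windows the 32-bit HijackThis build is subject to WOW64 file-system
            # redirection, so files that exist only in the real System32 look "missing".
            reasons.append(("info", "system service reported missing; usually a WOW64 artifact on x64"))

        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def actionable(findings: List[Finding]) -> List[Finding]:
    """Drop findings that carry only informational reasons."""
    return [f for f in findings if any(sev != "info" for sev, _ in f["reasons"])]


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f["code"], "|", f["path"] or f["body"][:60])
        for sev, why in f["reasons"]:
            print("   ", sev.upper(), "-", why)
```

Run against the sample, the script flags the facemoods SearchAssistant (marker plus non-default search page), the empty URLSearchHook, the YTD, Babylon, facemoods and Spigot entries, and reports the ALG service only as informational. That last point is the caveat worth remembering when reading the full log above: HijackThis 2.0.2 is a 32-bit program, and the OTL log later in the thread shows this is a 64-bit Windows 7, so the long run of "(file missing)" entries for lsass.exe, alg.exe, spoolsv.exe and the other System32 services is what WOW64 redirection produces on such a machine, not evidence that system files were deleted.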
20.09.2012, 10:26 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Man, I post explicitly what you should and should not do, and still a HijackThis log comes in. Please do not post HijackThis logfiles!!!
__________________
Please always post logfiles in CODE tags
20.09.2012, 15:05 | #5

Sorry, I'm just so worn out, it's getting on my nerves :-( I'll upload the OTL log for you right away. Sorry again.

OTL logfile:
Code:
OTL logfile created on: 20.09.2012 16:02:18 - Run 2
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\sHaXx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 28,03% Memory free
12,00 Gb Paging File | 6,28 Gb Available in Paging File | 52,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,16 Gb Total Space | 1054,45 Gb Free Space | 75,47% Space Free | Partition Type: NTFS

Computer Name: SHAXX-PC | User Name: sHaXx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\sHaXx\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\EslWire\inGame32.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\EslWire\NocIPC32.dll ()
MOD - C:\Programme\EslWire\inGame32.exe ()
MOD - C:\Programme\EslWire\inGame32.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
MOD - C:\Users\sHaXx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\105f615826ef408381c06be8ab5384cc\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SearchAnonymizer) -- C:\Users\sHaXx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (ssudobex) -- C:\Windows\SysNative\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ValFltr) -- C:\Windows\SysNative\drivers\ValoFltr.sys (ROCCAT Development, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8BE30047-DDB1-4C02-965D-D3A2DE911D4F}
IE - HKCU\..\SearchScopes\{03770B97-9285-4E4C-AD37-1CD3268F4D25}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6371646526733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=a670a23700000000000000ff01000001
IE - HKCU\..\SearchScopes\{3AC81621-89B3-474C-8C51-425CF7210F4F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{4405782A-DE5A-47B6-8961-68D5014B9F8D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8BE30047-DDB1-4C02-965D-D3A2DE911D4F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{C6B171EF-34E7-4277-BBC9-AD80924B689E}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DD97C082-0728-4EFE-A2B8-5DD2E38329A9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F8F664D5-3694-4C99-98A7-05C41A33884F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e4e1a7cf-254b-435a-af61-b05bbffc0841&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = [String data over 1000 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.29 16:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 16:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 07:18:11 | 000,000,000 | ---D | M]

[2011.12.29 17:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\Extensions
[2012.09.12 06:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions
[2012.07.25 20:06:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.07 18:15:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\sHaXx\AppData\Roaming\mozilla\Firefox\Profiles\tyb2pg95.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 06:30:41 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.07.27 09:03:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.17 08:04:48 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-1.xml
[2012.08.19 21:48:50 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-2.xml
[2012.07.19 01:28:47 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-3.xml
[2012.04.25 16:28:53 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-4.xml
[2012.06.06 18:18:50 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-5.xml
[2012.06.17 00:26:11 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-6.xml
[2012.08.26 22:49:45 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-7.xml
[2012.09.08 08:10:58 | 000,000,950 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin-8.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\sHaXx\AppData\Roaming\mozilla\firefox\profiles\tyb2pg95.default\searchplugins\icqplugin.xml
[2012.09.08 07:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.15 16:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.07.30 19:19:27 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012.09.15 16:14:08 | 000,260,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.)
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.15 11:30:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.05 22:59:09 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.15 11:30:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.15 11:30:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.29 17:07:04 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.08.15 11:30:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.15 11:30:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.15 11:30:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: ICQ.com Suche CHR - default_search_provider: ICQ Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome CHR - default_search_provider: suggest_url = CHR - homepage: ICQ.com Suche CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Google Update (Enabled) = C:\Users\sHaXx\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = 
C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Facemoods = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\ CHR - Extension: Facemoods = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\\u00FCr dein HTML5 \\u003Cvideo\\u003E = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\sHaXx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle 
Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\sHaXx\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC43A16D-8A88-4F40-AC22-F0DDB3DEEC01}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\gest.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gest.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{065437ed-3323-11e1-8be5-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{065437ed-3323-11e1-8be5-00ff01000001}\Shell\AutoRun\command - "" = E:\ZTE_Handset_USB_Driver.exe O33 - MountPoints2\{352d2204-2f51-11e1-89da-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{352d2204-2f51-11e1-89da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 17:37:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.09.19 17:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.19 17:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.19 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Simply Super Software [2012.09.19 16:05:46 | 000,000,000 | ---D | C] 
-- C:\Users\sHaXx\AppData\Roaming\Simply Super Software [2012.09.19 16:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.09.19 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.09.19 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.09.18 20:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer [2012.09.18 20:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer [2012.09.18 19:38:13 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Dögel_IT-Management [2012.09.18 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (4) [2012.09.18 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Dögel_GmbH [2012.09.18 19:22:23 | 000,000,000 | ---D | C] -- C:\Capture [2012.09.18 19:21:10 | 020,789,760 | ---- | C] (Dögel GmbH) -- C:\Users\sHaXx\Documents\Evalaze_Free_2.0.2.12.exe [2012.09.18 18:16:10 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (3) [2012.09.18 17:56:26 | 000,000,000 | R--D | C] -- C:\Sandbox [2012.09.17 08:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA [2012.09.17 08:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA [2012.09.17 08:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA [2012.09.13 14:39:07 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Process Hacker 2 [2012.09.10 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\TheMoonCrypter [2012.09.08 07:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.06 16:46:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\[S.P.Y] [2012.09.05 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\hacksss [2012.09.03 21:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhrozenSoft [2012.09.03 21:37:00 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Remover [2012.09.03 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\DArkcomet [2012.09.01 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crypter [2012.09.01 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crypter [2012.09.01 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Dialy Crypter [2012.09.01 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\BLACKOUT CRYPTER [2012.09.01 14:27:19 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Executable File Icons Changer [2012.09.01 14:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExeIco [2012.09.01 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sib Icon Extractor [2012.09.01 14:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sib Icon Extractor [2012.09.01 03:12:35 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.09.01 02:03:58 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Biggest Windows 7's icons pack created by NhatPG [2012.09.01 00:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2012.09.01 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker [2012.09.01 00:42:18 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner (2) [2012.09.01 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Local\Vitalwerks [2012.08.31 23:34:09 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\Neuer Ordner [2012.08.31 23:31:48 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC [2012.08.31 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP [2012.08.26 15:25:23 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Mozilla Maintenance Service [2012.08.21 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\osiiiiii [2012.08.21 18:09:01 | 000,000,000 | ---D | C] -- C:\Users\sHaXx\Documents\devn [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.20 16:00:44 | 000,028,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 16:00:44 | 000,028,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 15:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.20 15:52:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys [2012.09.20 08:11:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065711958-1204936007-2722131100-1001UA.job [2012.09.20 03:11:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1065711958-1204936007-2722131100-1001Core.job [2012.09.19 17:37:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.19 17:07:25 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.19 16:49:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.19 15:42:13 | 000,001,764 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.09.18 20:52:11 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [2012.09.18 18:51:20 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk [2012.09.18 18:44:38 | 015,356,774 | ---- | M] () -- C:\Users\sHaXx\Documents\DArkcomet.rar [2012.09.18 18:22:52 | 000,000,003 | ---- | M] () -- C:\Users\Public\Documents\vaLNOR2 [2012.09.15 16:09:56 | 000,004,711 | ---- | M] () -- C:\Users\sHaXx\Documents\ipod2 [2012.09.15 16:08:30 | 000,000,218 | ---- | M] () -- C:\Users\sHaXx\Documents\ipodd [2012.09.14 14:34:38 | 001,498,742 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012.09.14 14:34:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.14 14:34:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.14 14:34:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.14 14:34:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.13 15:33:50 | 000,048,387 | ---- | M] () -- C:\Users\sHaXx\Documents\assy^^ [2012.09.13 09:37:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.12 23:30:24 | 000,006,568 | ---- | M] () -- C:\Users\sHaXx\Documents\looooooooooooooool [2012.09.12 23:20:31 | 000,000,212 | ---- | M] () -- C:\Users\sHaXx\Documents\muahahahaa [2012.09.09 21:10:39 | 000,007,277 | ---- | M] () -- C:\Users\sHaXx\Documents\Logs.dat [2012.09.09 20:52:51 | 000,307,907 | ---- | M] () -- C:\Users\sHaXx\Documents\Cs.GOKeYs.rar [2012.09.08 08:38:23 | 000,011,762 | ---- | M] () -- C:\Users\sHaXx\Documents\skgaming.rar [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 19:39:45 | 000,000,059 | ---- | M] () -- C:\Users\sHaXx\Documents\hehehee [2012.09.05 21:18:55 | 000,000,145 | ---- | M] () -- C:\Users\sHaXx\Desktop\datas [2012.09.05 00:00:22 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.09.04 23:06:02 | 000,002,453 | ---- | M] () -- C:\Users\sHaXx\Desktop\Google Chrome.lnk [2012.09.04 10:12:44 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2012.09.03 05:15:49 | 000,149,932 | -H-- | M] () -- C:\Users\sHaXx\AppData\Roaming\sHaXxlog.dat [2012.09.02 01:30:19 | 000,000,202 | ---- | M] () -- C:\Users\sHaXx\Desktop\War of the Immortals.url [2012.09.02 00:23:31 | 000,000,219 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Source Beta.url [2012.09.01 15:42:10 | 000,000,987 | ---- | M] () -- 
C:\Users\sHaXx\Desktop\Crypter.lnk [2012.09.01 14:27:19 | 000,001,871 | ---- | M] () -- C:\Users\sHaXx\Desktop\Executable File Icons Changer.lnk [2012.09.01 14:27:19 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\mseixml.sei [2012.09.01 14:27:19 | 000,000,022 | ---- | M] () -- C:\Windows\mseixml.sei [2012.09.01 14:27:19 | 000,000,002 | ---- | M] () -- C:\Users\sHaXx\Documents\eisavedicon.bmp [2012.09.01 14:19:20 | 000,001,086 | ---- | M] () -- C:\Users\sHaXx\Desktop\Sib Icon Extractor.lnk [2012.09.01 03:12:36 | 000,001,306 | ---- | M] () -- C:\Users\sHaXx\Desktop\Free YouTube Download.lnk [2012.08.29 02:37:09 | 000,000,219 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive.url [2012.08.29 02:37:09 | 000,000,216 | ---- | M] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive - SDK.url [2012.08.26 15:25:24 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.08.24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.19 17:37:38 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.19 17:07:00 | 000,274,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.18 20:52:11 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [2012.09.18 18:51:20 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk [2012.09.18 18:44:34 | 015,356,774 | ---- | C] () -- C:\Users\sHaXx\Documents\DArkcomet.rar [2012.09.18 18:42:27 | 000,000,003 | ---- | C] () -- C:\Users\Public\Documents\vaLNOR2 [2012.09.18 17:55:25 | 000,001,764 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.09.15 16:09:56 | 000,004,711 | ---- | C] () -- C:\Users\sHaXx\Documents\ipod2 [2012.09.15 16:08:30 | 000,000,218 | ---- | C] () -- C:\Users\sHaXx\Documents\ipodd [2012.09.13 15:33:50 | 000,048,387 | ---- | C] () -- 
C:\Users\sHaXx\Documents\assy^^ [2012.09.12 23:30:24 | 000,006,568 | ---- | C] () -- C:\Users\sHaXx\Documents\looooooooooooooool [2012.09.12 23:20:31 | 000,000,212 | ---- | C] () -- C:\Users\sHaXx\Documents\muahahahaa [2012.09.09 20:52:51 | 000,307,907 | ---- | C] () -- C:\Users\sHaXx\Documents\Cs.GOKeYs.rar [2012.09.08 08:38:22 | 000,011,762 | ---- | C] () -- C:\Users\sHaXx\Documents\skgaming.rar [2012.09.06 19:39:45 | 000,000,059 | ---- | C] () -- C:\Users\sHaXx\Documents\hehehee [2012.09.05 21:18:55 | 000,000,145 | ---- | C] () -- C:\Users\sHaXx\Desktop\datas [2012.09.04 01:59:03 | 000,007,277 | ---- | C] () -- C:\Users\sHaXx\Documents\Logs.dat [2012.09.02 01:30:19 | 000,000,202 | ---- | C] () -- C:\Users\sHaXx\Desktop\War of the Immortals.url [2012.09.02 00:23:31 | 000,000,219 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Source Beta.url [2012.09.01 15:42:10 | 000,000,987 | ---- | C] () -- C:\Users\sHaXx\Desktop\Crypter.lnk [2012.09.01 14:27:19 | 000,001,871 | ---- | C] () -- C:\Users\sHaXx\Desktop\Executable File Icons Changer.lnk [2012.09.01 14:27:19 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\mseixml.sei [2012.09.01 14:27:19 | 000,000,022 | ---- | C] () -- C:\Windows\mseixml.sei [2012.09.01 14:27:19 | 000,000,002 | ---- | C] () -- C:\Users\sHaXx\Documents\eisavedicon.bmp [2012.09.01 14:19:20 | 000,001,086 | ---- | C] () -- C:\Users\sHaXx\Desktop\Sib Icon Extractor.lnk [2012.08.29 02:37:09 | 000,000,219 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive.url [2012.08.29 02:37:09 | 000,000,216 | ---- | C] () -- C:\Users\sHaXx\Desktop\Counter-Strike Global Offensive - SDK.url [2012.08.26 15:25:24 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.08.26 15:25:24 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.09 00:28:52 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.09 00:28:46 | 000,076,888 | ---- | 
C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.09 00:28:45 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\PBSVC.EXE [2012.07.03 23:05:56 | 001,277,976 | ---- | C] () -- C:\Program Files (x86)\fotoflo.jpg [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.03.14 19:04:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.26 21:03:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.12.26 21:03:22 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.12.26 20:17:26 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.12.26 18:41:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.26 01:55:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2006.01.29 20:15:38 | 000,149,932 | -H-- | C] () -- C:\Users\sHaXx\AppData\Roaming\sHaXxlog.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012.03.05 22:59:08 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Babylon [2011.12.29 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DesktopIconForAmazon [2012.09.01 03:12:40 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DVDVideoSoft [2012.09.01 03:12:37 | 
000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.05 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\FileZilla [2012.03.12 09:52:55 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\HLSW [2012.09.01 04:04:46 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\ICQ [2012.02.22 11:24:57 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Leadertech [2012.02.24 02:11:35 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\LolClient [2012.06.17 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\LolClient2 [2012.08.14 12:55:43 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Motorola [2012.08.14 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Motorola Mobility [2011.12.29 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\OCS [2011.12.29 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Opera [2012.09.13 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Process Hacker 2 [2012.04.23 23:49:45 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Publish Providers [2012.06.30 01:58:06 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Samsung [2012.06.03 04:11:00 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Screaming Bee [2012.09.19 16:05:46 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Simply Super Software [2012.04.23 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Sony [2012.04.22 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TeamViewer [2012.02.18 01:02:34 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Teeworlds [2012.09.19 16:52:00 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TS3Client [2012.01.18 10:28:36 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\TuneUp Software [2012.07.09 01:12:42 | 000,000,000 | ---D | M] -- 
C:\Users\sHaXx\AppData\Roaming\Ubisoft
[2012.08.12 12:42:25 | 000,000,000 | ---D | M] -- C:\Users\sHaXx\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========

< End of report >
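Editor's note on reading the OTL log above: the entries a responder checks first are the persistence classes, namely the O4 Run entries (note [AMD AVT] resolving to C:\Windows\SysWow64\cmd.exe, an orphaned [] "File not found" value, and [Ocs_SM] starting from AppData\Roaming), the O27 Image File Execution Options "Debugger" redirects (here pointing at TuneUp's reactivator, a legitimate product that uses the same hijack technique malware does), the O33 MountPoints2 AutoRun commands (D:\Run.exe), and the O20 Winlogon Shell/UserInit values. OTL prints the resolved binary, not the full registry value, so a cmd.exe autostart means the actual Run value (with its arguments) has to be pulled from the registry before deciding anything. The script below is an added example written for this page, not part of the thread or of OTL; it applies simple triage rules to lines copied from the log above. The LOLBin list, the user-writable directory list and the "expected" Winlogon values are the editor's assumptions and only mark entries for review, they do not prove anything is malicious.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted in this thread, with the
# HKCU Steam entry kept as a negative control. The triage rules are the editor's.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\sHaXx\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\help.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O33 - MountPoints2\{352d2204-2f51-11e1-89da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
"""

# Editor's assumptions: interpreters that should never be a bare Run target,
# and directories an unprivileged user (or its malware) can write to.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    kind: str
    line: str


_O4 = re.compile(r"^O4(?::64bit:)? - (HK\w+)\.\.\\(\w+): \[(.*?)\] (.*)$")
_O20 = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
_PUBLISHER = re.compile(r"^(.*) \(([^()]*)\)$")


def split_target(rest: str):
    """Split OTL's 'C:\\path\\x.exe (Publisher)' into (path, publisher); publisher is None if absent."""
    m = _PUBLISHER.match(rest)
    return (m.group(1), m.group(2)) if m else (rest, None)


def triage_line(line: str):
    """Return the review findings for one OTL line (empty list if nothing stands out)."""
    findings = []
    m = _O4.match(line)
    if m:
        _hive, _key, _name, rest = m.groups()
        target, _publisher = split_target(rest)
        low = target.lower()
        if target == "File not found":
            findings.append(Finding("orphaned autostart", line))
        elif low.rsplit("\\", 1)[-1] in LOLBINS:
            # OTL shows only the resolved binary; pull the real Run value for its arguments.
            findings.append(Finding("interpreter/shell started at logon", line))
        elif any(p in low for p in USER_WRITABLE):
            findings.append(Finding("autostart from user-writable directory", line))
        return findings
    m = _O20.match(line)
    if m:
        what, value = m.groups()
        # Shell/UserInit are comma-separated lists; anything beyond the one expected binary is a hijack.
        parts = [p.strip().lower().rsplit("\\", 1)[-1] for p in value.split(",") if p.strip()]
        expected = "explorer.exe" if what == "Shell" else "userinit.exe"
        if parts != [expected]:
            findings.append(Finding(f"Winlogon {what} tampered", line))
        return findings
    if line.startswith("O27"):
        findings.append(Finding("IFEO Debugger redirect (verify the debugger binary)", line))
    elif line.startswith("O33") and "AutoRun\\command" in line:
        findings.append(Finding("removable-media AutoRun command", line))
    return findings


def triage(log: str):
    """Run triage_line over every line of an OTL report and collect the findings in log order."""
    out = []
    for raw in log.splitlines():
        out.extend(triage_line(raw.strip()))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}")
```

Run against the sample, the script flags five entries (the AppData autostart, the orphaned value, the cmd.exe autostart, the IFEO redirect and the D:\Run.exe AutoRun) and leaves the DivX, Steam and both Winlogon lines alone. The IFEO and AutoRun flags are deliberately unconditional: a legitimate product can own them, as TuneUp does here, but each one still has to be looked at before the log is declared clean.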
20.09.2012, 16:04 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Fud Trojaner aufn Pc

You also have Malwarebytes installed! I want to see all of its logs as well.

Please post everything here in CODE tags where possible. This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:
the log goes here
20.09.2012, 16:28 | #7 |
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.09.18.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
sHaXx :: SHAXX-PC [Administrator]
Schutz: Deaktiviert

19.09.2012 17:03:52
mbam-log-2012-09-19 (17-03-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197670
Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.09.19.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
sHaXx :: SHAXX-PC [Administrator]
Schutz: Aktiviert

20.09.2012 17:40:37
mbam-log-2012-09-20 (17-42-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 198122
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Keine Aktion durchgeführt.

(Ende)

Sorry, this is the right one. It keeps getting the virus over and over again.
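The two Malwarebytes logs in the post above show the same file in %TEMP% detected on consecutive days: quarantined on the 19th, back again on the 20th with no action taken. A finding that returns after quarantine is the signal a helper looks for, because it means whatever drops the file has not been found yet. The following is an added example (not code from the thread, the board or Malwarebytes) that parses the German Malwarebytes 1.65 log format exactly as posted and flags detections that recur across scans. The sample logs are shortened copies of the two above; the line patterns and the status mapping are written for this version and locale only, which is an assumption for any other output.

```python
import re
from datetime import datetime

# Line shapes taken from the Malwarebytes 1.65 logs posted above (German
# locale). These patterns are an assumption for any other version/language.
FIELD_RES = {
    "db_version": re.compile(r"^Datenbank Version: (.+)$"),
    "protection": re.compile(r"^Schutz: (.+)$"),
    "scan_type": re.compile(r"^Art des Suchlaufs: (.+)$"),
    "objects_scanned": re.compile(r"^Durchsuchte Objekte: (\d+)$"),
}
SCAN_TIME_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$")
# Detection lines: "<path> (<threat name>) -> <action taken>."
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^(]+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$"
)
# Action strings as they appear in the posted logs.
ACTION_STATUS = {
    "Erfolgreich gelöscht und in Quarantäne gestellt.": "quarantined",
    "Keine Aktion durchgeführt.": "no_action",
}

# Shortened copies of the two logs in the post above (zero-count sections omitted).
LOG_1 = r"""
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Datenbank Version: v2012.09.18.07
sHaXx :: SHAXX-PC [Administrator]
Schutz: Deaktiviert
19.09.2012 17:03:52
mbam-log-2012-09-19 (17-03-52).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 197670
Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""
LOG_2 = r"""
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Datenbank Version: v2012.09.19.11
sHaXx :: SHAXX-PC [Administrator]
Schutz: Aktiviert
20.09.2012 17:40:37
mbam-log-2012-09-20 (17-42-43).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 198122
Infizierte Dateien: 1
C:\Users\sHaXx\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Keine Aktion durchgeführt.
(Ende)
"""


def parse_mbam_log(text):
    """Extract scan metadata and the detection list from one log."""
    scan = {"scan_time": None, "detections": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SCAN_TIME_RE.match(line)
        if m:
            scan["scan_time"] = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            continue
        m = DETECTION_RE.match(line)
        if m:
            scan["detections"].append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "status": ACTION_STATUS.get(m.group("action"), "other"),
            })
            continue
        for key, rx in FIELD_RES.items():
            m = rx.match(line)
            if m:
                scan[key] = m.group(1)
    return scan


def recurring_detections(scans):
    """Lower-cased path -> [(scan_time, threat, status), ...], chronological,
    for every path that was detected in more than one scan."""
    history = {}
    for scan in sorted(scans, key=lambda s: s["scan_time"]):
        for d in scan["detections"]:
            history.setdefault(d["path"].lower(), []).append(
                (scan["scan_time"], d["threat"], d["status"]))
    return {p: h for p, h in history.items() if len(h) > 1}


def assess(scans):
    """Triage notes as (path, note) tuples."""
    notes = []
    for path, hist in recurring_detections(scans).items():
        statuses = [s for _, _, s in hist]
        if "quarantined" in statuses[:-1]:
            # Came back after quarantine: something re-creates the file, so the
            # dropper or persistence mechanism has not been found yet.
            notes.append((path, "recurs_after_quarantine"))
        else:
            notes.append((path, "recurs_unhandled"))
        if statuses[-1] == "no_action":
            notes.append((path, "no_action_in_latest_scan"))
    return notes


if __name__ == "__main__":
    for path, note in assess([parse_mbam_log(LOG_1), parse_mbam_log(LOG_2)]):
        print(f"{note}: {path}")
```

For the two posted logs the result is `recurs_after_quarantine` and `no_action_in_latest_scan` for the `upnp.exe` path, which matches what the helper concludes in the next post: a quick scan that only catches the dropped file each time is not enough, and a full scan of all local drives is the next step.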
20.09.2012, 20:12 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes has to be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
__________________ Always post logfiles in CODE tags