Pests of all kinds and how to fight them: Snap.do Trojan
Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
17.03.2013, 11:40 | #1 |
| Snap.do Trojan
Hello everyone, I have caught a trojan again, this time Snap.do. I have already run ADWCleaner over it, but the thing is still there. The OS is Windows 7, and Google is set as the start page in Mozilla. Please help me and tell me how to get rid of it. AdwCleaner Logfile: Code:
Here is the log file from Malwarebytes: HTML-Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Familie :: FAMILIE-PC [Administrator]

17.03.2013 12:21:27
mbam-log-2013-03-17 (12-21-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257248
Laufzeit: 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Familie\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
17.03.2013, 12:51 | #2 |
/// Helper Team | Snap.do Trojan
Please disable your security software to avoid possible conflicts.
Then: System scan with OTL (illustrated guide). Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
- Double-click OTL.exe
__________________ |
17.03.2013, 20:42 | #3 |
| Snap.do Trojan HTML-Code:
clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, sxs.dll RichVideo.exe 2840 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll sftvsa.exe 1588 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll nvSCPAPISvr.exe 3080 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll svchost.exe 3108 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, wiaservc.dll, advapi32.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, oleaut32.dll, ole32.dll, version.dll, imm32.dll, msctf.dll, nvinitx.dll, wiatrace.dll, cryptbase.dll, rpcrtremote.dll, secur32.dll, sspicli.dll, credssp.dll, msv1_0.dll, cryptdll.dll, cfgmgr32.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, setupapi.dll, devobj.dll, sti.dll, comctl32.dll, shlwapi.dll, wintrust.dll, crypt32.dll, msasn1.dll TvdService.exe 3164 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, mscoree.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, mscoreei.dll, shlwapi.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, imm32.dll, msctf.dll, nvinitx.dll, mscorwks.dll, msvcr80.dll, shell32.dll, ole32.dll, profapi.dll, mscorlib.ni.dll, cryptbase.dll, cryptsp.dll, rsaenh.dll, mscorjit.dll, System.ni.dll, System.ServiceProcess.ni.dll, Tvd.Remote.dll, System.Data.ni.dll, system.data.dll, ws2_32.dll, nsi.dll, crypt32.dll, msasn1.dll, System.Xml.ni.dll, System.ServiceModel.ni.dll, SMDiagnostics.ni.dll, System.Configuration.ni.dll, System.Runtime.Serialization.ni.dll, httpapi.dll, pcwum.dll, system.resources.dll, mswsock.dll, wshtcpip.dll, wship6.dll, dnsapi.dll, wlidnsp.dll, psapi.dll, mdnsnsp.dll, iphlpapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, FingerPrint.dll, Tvd.Reporting.dll, Tvd.Aprico.dll, System.Management.ni.dll, rpcrtremote.dll, wminet_utils.dll, oleaut32.dll, clbcatq.dll, wmiutils.dll, wbemcomn.dll, wbemprox.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll, bcrypt.dll, system.serviceprocess.resources.dll, System.Transactions.ni.dll, system.transactions.dll, system.servicemodel.resources.dll WLIDSVC.EXE 
3208 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, oleaut32.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, shlwapi.dll, crypt32.dll, msasn1.dll, sensapi.dll, psapi.dll, sqmapi.dll, netapi32.dll, netutils.dll, srvcli.dll, wkscli.dll, samcli.dll, winhttp.dll, webio.dll, iphlpapi.dll, nsi.dll, winnsi.dll, wer.dll, shell32.dll, ws2_32.dll, wtsapi32.dll, userenv.dll, profapi.dll, wintrust.dll, version.dll, winscard.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, cryptsp.dll, rsaenh.dll, clbcatq.dll, rpcrtremote.dll, msxml3.dll, winsta.dll, apphelp.dll, wbemprox.dll, wbemcomn.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll, dssenh.dll, sspicli.dll, credssp.dll, mswsock.dll, wshtcpip.dll, wship6.dll, dhcpcsvc.dll, dhcpcsvc6.dll, cfgmgr32.dll, dnsapi.dll, wlidnsp.dll, mdnsnsp.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, secur32.dll, ncrypt.dll, bcrypt.dll, bcryptprimitives.dll, gpapi.dll, cryptnet.dll, wldap32.dll X10nets.exe 3288 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll WLIDSVCM.EXE 3348 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, psapi.dll, shell32.dll, shlwapi.dll, imm32.dll, msctf.dll, nvinitx.dll obexsrv.exe 3360 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll unsecapp.exe 3440 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, wbemcomn.dll, oleaut32.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, rpcrt4.dll, ws2_32.dll, nsi.dll, sechost.dll, imm32.dll, msctf.dll, nvinitx.dll, advapi32.dll, cryptbase.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll sftlist.exe 3448 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll WmiPrvSE.exe 3608 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, wbemcomn.dll, oleaut32.dll, 
ole32.dll, ws2_32.dll, nsi.dll, fastprox.dll, ntdsapi.dll, ncobjapi.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, ntmarta.dll, wldap32.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, wbemsvc.dll, wmiutils.dll, cimwin32.dll, framedynos.dll, sspicli.dll, wtsapi32.dll, winbrand.dll, credssp.dll, schannel.dll, crypt32.dll, msasn1.dll, wkscli.dll, cscapi.dll, devobj.dll, cfgmgr32.dll, winsta.dll, powrprof.dll, setupapi.dll, perfos.dll, wintrust.dll, netapi32.dll, netutils.dll, srvcli.dll, samcli.dll, logoncli.dll, browcli.dll, schedcli.dll, dsrole.dll, version.dll, ntevt.dll, provthrd.dll, msvcirt.dll, wsock32.dll, wevtapi.dll WmiPrvSE.exe 3636 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, wbemcomn.dll, oleaut32.dll, ole32.dll, ws2_32.dll, nsi.dll, fastprox.dll, ntdsapi.dll, ncobjapi.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, ntmarta.dll, wldap32.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, wbemsvc.dll, wmiutils.dll, wmiprov.dll, iwmsprov.dll, shell32.dll, shlwapi.dll, psregapi.dll, setupapi.dll, cfgmgr32.dll, devobj.dll, comdlg32.dll, comctl32.dll, winspool.drv, psapi.dll, traceapi.dll, secur32.dll, sspicli.dll, oleacc.dll, esscli.dll CVHSVC.EXE 4108 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll SearchIndexer.exe 4232 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, ole32.dll, oleaut32.dll, tquery.dll, shlwapi.dll, mssrch.dll, esent.dll, imm32.dll, msctf.dll, nvinitx.dll, psapi.dll, shell32.dll, profapi.dll, cryptbase.dll, secur32.dll, sspicli.dll, credssp.dll, clbcatq.dll, msidle.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, mssprxy.dll, propsys.dll, ntmarta.dll, wldap32.dll, vssapi.dll, atl.dll, vsstrace.dll, wtsapi32.dll, winsta.dll, samcli.dll, samlib.dll, netutils.dll, es.dll, cfgmgr32.dll, userenv.dll, sxs.dll, 
naturallanguage6.dll, crypt32.dll, msasn1.dll, apphelp.dll, elscore.dll, elslad.dll, comctl32.dll, setupapi.dll, devobj.dll, vss_ps.dll, msxml3.dll, nlsdata0007.dll, nlslexicons0007.dll, nlsdata0003.dll, nlslexicons0003.dll, nlsdata0000.dll rundll32.exe 4472 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, imagehlp.dll, advapi32.dll, sechost.dll, rpcrt4.dll, imm32.dll, msctf.dll, nvinitx.dll, shell32.dll, shlwapi.dll, uxtheme.dll, dwmapi.dll, ole32.dll, cryptbase.dll, clbcatq.dll, oleaut32.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, actxprxy.dll, comctl32.dll svchost.exe 4608 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, ipsecsvc.dll, authz.dll, fwpuclnt.dll, firewallapi.dll, version.dll, fwremotesvr.dll, advapi32.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, clbcatq.dll, oleaut32.dll, ws2_32.dll, nsi.dll, mswsock.dll, wshtcpip.dll, wship6.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, secur32.dll, sspicli.dll, credssp.dll, rpcrtremote.dll hkcmd.exe 824 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, hccutils.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, advapi32.dll, sechost.dll, rpcrt4.dll, ole32.dll, oleaut32.dll, shell32.dll, shlwapi.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, uxtheme.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, igfxsrvc.dll, dwmapi.dll, igfxrdeu.lrc igfxpers.exe 4528 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, powrprof.dll, msvcrt.dll, rpcrt4.dll, setupapi.dll, cfgmgr32.dll, advapi32.dll, sechost.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, oleaut32.dll, ole32.dll, devobj.dll, shell32.dll, shlwapi.dll, hccutils.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, uxtheme.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, igfxsrvc.dll, dwmapi.dll, IccLibDll_x64.dll, psapi.dll, wtsapi32.dll, 
winsta.dll, wintrust.dll, crypt32.dll, msasn1.dll iFrmewrk.exe 1008 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, winmm.dll, msvcrt.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, psregapi.dll, setupapi.dll, cfgmgr32.dll, rpcrt4.dll, advapi32.dll, sechost.dll, oleaut32.dll, ole32.dll, devobj.dll, comdlg32.dll, shlwapi.dll, comctl32.dll, shell32.dll, winspool.drv, psapi.dll, version.dll, libeay32.dll, wsock32.dll, ws2_32.dll, nsi.dll, secur32.dll, sspicli.dll, oledlg.dll, imm32.dll, msctf.dll, nvinitx.dll, uxtheme.dll, cryptbase.dll, frwrkdeu.dll, cryptsp.dll, rsaenh.dll, clbcatq.dll, rpcrtremote.dll, sxs.dll, dwmapi.dll, pantray.dll, wtsapi32.dll, wlanapi.dll, wlanutil.dll, traceapi.dll, oleacc.dll, WiMAXCoEx.DLL, pfmgrapi.dll, crypt32.dll, msasn1.dll, iphlpapi.dll, winnsi.dll, murocapi.dll, intstngs.dll, userenv.dll, profapi.dll, panapi.dll, s24mudll.dll, dbengine.dll, msxml6.dll, pantrdeu.dll, comctl32.dll, winsta.dll, wbemprox.dll, wbemcomn.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll rundll32.exe 5084 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, imagehlp.dll, advapi32.dll, sechost.dll, rpcrt4.dll, imm32.dll, msctf.dll, nvinitx.dll, btmshell.dll, uxtheme.dll, winmm.dll, wtsapi32.dll, version.dll, setupapi.dll, cfgmgr32.dll, oleaut32.dll, ole32.dll, devobj.dll, ws2_32.dll, nsi.dll, shell32.dll, shlwapi.dll, msimg32.dll, bthprops.cpl, comctl32.dll, deu.dll, dwmapi.dll, cryptbase.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, sxs.dll, winsta.dll OTL Logfile: Code:
OTL logfile created on: 17.03.2013 20:18:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Familie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.91 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.69% Memory free
7.81 Gb Paging File | 5.19 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647.54 Gb Total Space | 491.47 Gb Free Space | 75.90% Space Free | Partition Type: NTFS
Drive D: | 48.00 Gb Total Space | 15.37 Gb Free Space | 32.02% Space Free | Partition Type: NTFS

Computer Name: FAMILIE-PC | User Name: Familie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Familie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Familie\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Familie\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\5p2kkb4x.default\extensions\{b50dec5c-a680-49e7-92ab-90312fa3caf9}\components\SmartbarFireFoxRemotePlugin_19.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll ()
MOD - C:\Program Files (x86)\Secure Banking\funcs.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=101702
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\..\SearchScopes\{5F4A9D05-1CCC-446D-B5F9-5790EB00A76E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^DE&apn_uid=70e34f2b-28e6-4eee-baea-c30804d364ad&apn_sauid=8F66AD7D-4F51-41CC-8C79-B6F0187F214A
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4
FF - prefs.js..extensions.enabledAddons: %7Bb50dec5c-a680-49e7-92ab-90312fa3caf9%7D:1.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&installDate=01/01/1970&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.11.06 23:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.17 09:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 21:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.10.30 10:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie\AppData\Roaming\mozilla\Extensions
[2013.03.17 11:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie\AppData\Roaming\mozilla\Firefox\Profiles\5p2kkb4x.default\extensions
[2013.03.15 07:27:14 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Familie\AppData\Roaming\mozilla\Firefox\Profiles\5p2kkb4x.default\extensions\{b50dec5c-a680-49e7-92ab-90312fa3caf9}
[2013.03.17 11:45:49 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Familie\AppData\Roaming\mozilla\Firefox\Profiles\5p2kkb4x.default\extensions\toolbar@ask.com
[2013.01.30 18:16:34 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\extensions\toolbar@web.de.xpi
[2013.03.17 11:45:49 | 000,002,339 | ---- | M] () -- C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\searchplugins\askcom.xml
[2013.03.08 21:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 21:43:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.17 09:47:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.08 21:43:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.11 10:47:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.11 10:47:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.11 10:47:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.11 10:47:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.11 10:47:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.11 10:47:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: 
(PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1001..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) O4 - HKLM..\RunOnce: [awde7zip23054] C:\Users\Familie\AppData\Local\Temp\BI_RunOnce.exe (Somoto Ltd.) 
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1048707053-1856203506-3919785161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Familie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.06 22:09:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 20:07:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.17 20:07:06 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.17 11:56:07 | 000,000,000 | ---D | C] -- C:\Users\Familie\Documents\mbar-1.01.0.1021-1 [2013.03.17 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Familie\AppData\Local\{902A97D8-D2C7-4E04-B961-07240D1DF36E} [2013.03.17 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.03.17 11:45:26 | 000,000,000 | ---D | C] -- C:\Users\Familie\AppData\Local\APN [2013.03.17 11:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.03.17 11:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013.03.17 11:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.17 11:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.17 09:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.03.16 10:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2013.03.14 14:23:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 14:23:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 14:23:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 14:23:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 14:23:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 14:23:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 14:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.08 21:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 17:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.08 17:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.03.08 17:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.17 20:04:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 20:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.17 19:31:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Familie.job [2013.03.17 19:24:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.17 12:23:19 | 000,000,000 | ---- | M] () -- C:\Users\Familie\defogger_reenable [2013.03.17 11:45:06 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.03.17 11:43:06 
| 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.17 11:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.17 11:20:37 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys [2013.03.17 09:47:39 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.03.17 09:47:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.03.16 10:29:10 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.16 10:29:10 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.16 10:13:27 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013.03.15 18:50:08 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.08 17:55:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.17 12:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Familie\defogger_reenable [2013.03.17 11:45:06 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013.03.17 09:47:39 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.03.16 10:29:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.16 10:13:27 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2013.03.08 17:55:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.06 23:23:45 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.09.26 19:36:23 | 000,110,197 | -H-- | C] () -- C:\Users\Familie\do_Verkehrszeichen.pdf [2012.09.26 19:35:32 | 000,225,862 | -H-- | C] () -- C:\Users\Familie\verkehrszeichenlegematerial_nord.pdf [2012.09.26 19:34:05 | 000,088,045 | -H-- | C] () -- C:\Users\Familie\Domino_Richtzeichen.pdf [2012.09.26 19:33:34 | 000,093,346 | -H-- | C] () -- C:\Users\Familie\Domino_Gefahrenzeichen.pdf [2012.09.07 13:48:18 | 000,089,474 | -H-- | C] () -- C:\Users\Familie\2012_Anmeldung_Wintertraining.pdf [2012.07.22 19:23:43 | 000,003,584 | -H-- | C] () -- C:\Users\Familie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.05 10:48:40 | 001,527,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.18 22:01:07 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2011.08.18 22:01:06 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2011.08.17 16:21:17 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe [2011.07.27 00:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.27 00:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.27 00:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.07.27 00:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.07.26 23:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > |
17.03.2013, 20:50 | #4 |
/// Helper team | Snap.do Trojan Where is the JRT log? |
17.03.2013, 21:58 | #5 |
| Snap.do Trojan This one? HTML-Code:
msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, powrprof.dll, setupapi.dll, cfgmgr32.dll, advapi32.dll, oleaut32.dll, ole32.dll, devobj.dll, dnsapi.dll, ws2_32.dll, nsi.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, slc.dll, rpcrtremote.dll, secur32.dll, sspicli.dll, credssp.dll, iphlpapi.dll, winnsi.dll, mswsock.dll, wshtcpip.dll, wship6.dll, wlidnsp.dll, psapi.dll, shlwapi.dll, mdnsnsp.dll, rasadhlp.dll, fwpuclnt.dll, clbcatq.dll, umb.dll, atl.dll, wintrust.dll, crypt32.dll, msasn1.dll, localspl.dll, spoolss.dll, srvcli.dll, winspool.drv, printisolationproxy.dll, ep0slm01.dll, version.dll, fxsmon.dll, tcpmon.dll, snmpapi.dll, wsnmp32.dll, msxml6.dll, usbmon.dll, wls0wndh.dll, wsdmon.dll, wsdapi.dll, webservices.dll, firewallapi.dll, fundisc.dll, fdpnp.dll, winprint.dll, userenv.dll, profapi.dll, gpapi.dll, ep0npp01.dll, dsrole.dll, win32spl.dll, devrtl.dll, spinf.dll, inetpp.dll, cryptsp.dll, winsta.dll, rsaenh.dll, cscapi.dll, netutils.dll, browcli.dll, dhcpcsvc.dll, dhcpcsvc6.dll svchost.exe 1460 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, imm32.dll, msctf.dll, nvinitx.dll, advapi32.dll, cryptbase.dll, bfe.dll, authz.dll, slc.dll, sspicli.dll, pcwum.dll, rpcrtremote.dll, mpssvc.dll, firewallapi.dll, version.dll, fwpuclnt.dll, nsi.dll, cfgmgr32.dll, shlwapi.dll, secur32.dll, credssp.dll, userenv.dll, profapi.dll, gpapi.dll, ws2_32.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, wfapigp.dll, ntmarta.dll, wldap32.dll, mswsock.dll, wship6.dll, wshtcpip.dll, dps.dll, oleaut32.dll, clbcatq.dll, taskschd.dll, bcrypt.dll, netprofm.dll, nlaapi.dll, cryptsp.dll, rsaenh.dll, npmproxy.dll, wdi.dll, radardt.dll, wtsapi32.dll, wdiasqmmodule.dll, winsta.dll, setupapi.dll, devobj.dll, wintrust.dll, crypt32.dll, msasn1.dll, diagperf.dll, pots.dll, tdh.dll taskhost.exe 2136 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, 
msvcrt.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, rpcrt4.dll, oleaut32.dll, imm32.dll, msctf.dll, nvinitx.dll, advapi32.dll, sechost.dll, cryptbase.dll, uxtheme.dll, dwmapi.dll, clbcatq.dll, playsndsrv.dll, rpcrtremote.dll, msctfmonitor.dll, msutb.dll, winsta.dll, wtsapi32.dll, hotstartuseragent.dll, slc.dll, winmm.dll, dimsjob.dll, shlwapi.dll, taskschd.dll, sspicli.dll, netprofm.dll, nsi.dll, nlaapi.dll, cryptsp.dll, rsaenh.dll, npmproxy.dll, dsrole.dll, mmdevapi.dll, propsys.dll, wdmaud.drv, ksuser.dll, avrt.dll, setupapi.dll, cfgmgr32.dll, devobj.dll, audioses.dll, msacm32.drv, msacm32.dll, midimap.dll BTHSAmpPalService.exe 2332 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, advapi32.dll, sechost.dll, rpcrt4.dll, imm32.dll, msctf.dll, nvinitx.dll, UsR3IoPort.dll, setupapi.dll, cfgmgr32.dll, oleaut32.dll, ole32.dll, devobj.dll AppleMobileDeviceService. 2352 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll devmonsrv.exe 2448 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll mDNSResponder.exe 2472 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, ws2_32.dll, msvcrt.dll, rpcrt4.dll, nsi.dll, iphlpapi.dll, winnsi.dll, netapi32.dll, netutils.dll, srvcli.dll, wkscli.dll, powrprof.dll, setupapi.dll, cfgmgr32.dll, advapi32.dll, sechost.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, oleaut32.dll, ole32.dll, devobj.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, mswsock.dll, wshtcpip.dll, wship6.dll, dhcpcsvc.dll, dhcpcsvc6.dll, dnsapi.dll BDTUpdateService.exe 2516 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll svchost.exe 2544 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, bthserv.dll, shfolder.dll, shell32.dll, shlwapi.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, imm32.dll, msctf.dll, nvinitx.dll, advapi32.dll, setupapi.dll, cfgmgr32.dll, oleaut32.dll, ole32.dll, devobj.dll, wintrust.dll, crypt32.dll, msasn1.dll, rpcrtremote.dll, 
secur32.dll, sspicli.dll, credssp.dll, msv1_0.dll, cryptdll.dll, cryptbase.dll BTHSSecurityMgr.exe 2576 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, wintrust.dll, msvcrt.dll, crypt32.dll, msasn1.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, advapi32.dll, sechost.dll, ole32.dll, oleaut32.dll, msvcp90.dll, msvcr90.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, BTSupplicantPlugin.dll, secur32.dll, sspicli.dll, shlwapi.dll, oleacc.dll, winspool.drv, cryptsp.dll, rsaenh.dll, imagehlp.dll, ncrypt.dll, bcrypt.dll, bcryptprimitives.dll, userenv.dll, profapi.dll, gpapi.dll, PanAuthenticator.dll, ws2_32.dll, nsi.dll, UsR3IoPort.dll, setupapi.dll, cfgmgr32.dll, devobj.dll EvtEng.exe 2644 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, secur32.dll, sspicli.dll, msvcrt.dll, rpcrt4.dll, shlwapi.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, iphlpapi.dll, nsi.dll, winnsi.dll, crypt32.dll, msasn1.dll, setupapi.dll, cfgmgr32.dll, advapi32.dll, sechost.dll, oleaut32.dll, ole32.dll, devobj.dll, murocapi.dll, comdlg32.dll, comctl32.dll, shell32.dll, winspool.drv, psapi.dll, imm32.dll, msctf.dll, nvinitx.dll, libeay32.dll, wsock32.dll, ws2_32.dll, psregapi.dll, traceapi.dll, oleacc.dll, wtsapi32.dll, cryptbase.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, wlanapi.dll, wlanutil.dll, intstngs.dll, userenv.dll, profapi.dll, winsta.dll, amtwsman.dll, winhttp.dll, webio.dll, s24mudll.dll, version.dll, wbemprox.dll, wbemcomn.dll, apphelp.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll, netcfgx.dll, devrtl.dll, wintrust.dll PsiService_2.exe 2780 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll RegSrvc.exe 2808 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, setupapi.dll, cfgmgr32.dll, msvcrt.dll, rpcrt4.dll, advapi32.dll, sechost.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, oleaut32.dll, ole32.dll, devobj.dll, crypt32.dll, msasn1.dll, shell32.dll, shlwapi.dll, comdlg32.dll, comctl32.dll, winspool.drv, psapi.dll, imm32.dll, msctf.dll, 
nvinitx.dll, cryptbase.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, sxs.dll RichVideo.exe 2840 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll sftvsa.exe 1588 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll nvSCPAPISvr.exe 3080 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll svchost.exe 3108 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, wiaservc.dll, advapi32.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, oleaut32.dll, ole32.dll, version.dll, imm32.dll, msctf.dll, nvinitx.dll, wiatrace.dll, cryptbase.dll, rpcrtremote.dll, secur32.dll, sspicli.dll, credssp.dll, msv1_0.dll, cryptdll.dll, cfgmgr32.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, setupapi.dll, devobj.dll, sti.dll, comctl32.dll, shlwapi.dll, wintrust.dll, crypt32.dll, msasn1.dll TvdService.exe 3164 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, mscoree.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, mscoreei.dll, shlwapi.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, imm32.dll, msctf.dll, nvinitx.dll, mscorwks.dll, msvcr80.dll, shell32.dll, ole32.dll, profapi.dll, mscorlib.ni.dll, cryptbase.dll, cryptsp.dll, rsaenh.dll, mscorjit.dll, System.ni.dll, System.ServiceProcess.ni.dll, Tvd.Remote.dll, System.Data.ni.dll, system.data.dll, ws2_32.dll, nsi.dll, crypt32.dll, msasn1.dll, System.Xml.ni.dll, System.ServiceModel.ni.dll, SMDiagnostics.ni.dll, System.Configuration.ni.dll, System.Runtime.Serialization.ni.dll, httpapi.dll, pcwum.dll, system.resources.dll, mswsock.dll, wshtcpip.dll, wship6.dll, dnsapi.dll, wlidnsp.dll, psapi.dll, mdnsnsp.dll, iphlpapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, FingerPrint.dll, Tvd.Reporting.dll, Tvd.Aprico.dll, System.Management.ni.dll, rpcrtremote.dll, wminet_utils.dll, oleaut32.dll, clbcatq.dll, wmiutils.dll, wbemcomn.dll, wbemprox.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll, bcrypt.dll, system.serviceprocess.resources.dll, System.Transactions.ni.dll, system.transactions.dll, 
system.servicemodel.resources.dll WLIDSVC.EXE 3208 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, oleaut32.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, shlwapi.dll, crypt32.dll, msasn1.dll, sensapi.dll, psapi.dll, sqmapi.dll, netapi32.dll, netutils.dll, srvcli.dll, wkscli.dll, samcli.dll, winhttp.dll, webio.dll, iphlpapi.dll, nsi.dll, winnsi.dll, wer.dll, shell32.dll, ws2_32.dll, wtsapi32.dll, userenv.dll, profapi.dll, wintrust.dll, version.dll, winscard.dll, imm32.dll, msctf.dll, nvinitx.dll, cryptbase.dll, cryptsp.dll, rsaenh.dll, clbcatq.dll, rpcrtremote.dll, msxml3.dll, winsta.dll, apphelp.dll, wbemprox.dll, wbemcomn.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll, dssenh.dll, sspicli.dll, credssp.dll, mswsock.dll, wshtcpip.dll, wship6.dll, dhcpcsvc.dll, dhcpcsvc6.dll, cfgmgr32.dll, dnsapi.dll, wlidnsp.dll, mdnsnsp.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, secur32.dll, ncrypt.dll, bcrypt.dll, bcryptprimitives.dll, gpapi.dll, cryptnet.dll, wldap32.dll X10nets.exe 3288 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll WLIDSVCM.EXE 3348 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, advapi32.dll, msvcrt.dll, sechost.dll, rpcrt4.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, psapi.dll, shell32.dll, shlwapi.dll, imm32.dll, msctf.dll, nvinitx.dll obexsrv.exe 3360 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll unsecapp.exe 3440 ntdll.dll, snxhk64.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, wbemcomn.dll, oleaut32.dll, ole32.dll, gdi32.dll, user32.dll, lpk.dll, usp10.dll, rpcrt4.dll, ws2_32.dll, nsi.dll, sechost.dll, imm32.dll, msctf.dll, nvinitx.dll, advapi32.dll, cryptbase.dll, clbcatq.dll, cryptsp.dll, rsaenh.dll, rpcrtremote.dll, wbemsvc.dll, fastprox.dll, ntdsapi.dll sftlist.exe 3448 ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.2 (03.15.2013:1) OS: Windows 7 Home 
Premium x64 Ran by Familie on 17.03.2013 at 21:52:19.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{eee6c35b-6118-11dc-9c72-001320c79847} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Search Bar Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Search Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] 
hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\search\\SearchAssistant Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\smartbar Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup Successfully deleted: [Registry Key] hkey_current_user\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] 
hkey_local_machine\software\classes\mediaplayer.graphicsutils Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie.1 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\funmoodslatest_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\funmoodslatest_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_2_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_2_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\sweetim" Failed to delete: [Folder] "C:\Users\Familie\appdata\local\smartbar" Failed to delete: [Folder] "C:\Program Files (x86)\sweetim" Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller" Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Users\Familie\appdata\locallow\asktoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\invalidprefs.js Successfully deleted: [File] C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\searchplugins\askcom.xml Successfully deleted: [Folder] C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\prefs.js user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=nt&installDate=01/01/1970"); user_pref("browser.search.selectedEngine", "Web Search"); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("keyword.URL", 
"hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&installDate=01/01/1970&q="); Emptied folder: C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\minidumps [50 files] ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.03.2013 at 22:18:16.17 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HTML-Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.2 (03.15.2013:1) OS: Windows 7 Home Premium x64 Ran by Familie on 17.03.2013 at 21:52:19.95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{eee6c35b-6118-11dc-9c72-001320c79847} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] 
hkey_local_machine\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Search Bar Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\main\\Search Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1048707053-1856203506-3919785161-1001\software\microsoft\internet explorer\search\\SearchAssistant Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\smartbar Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup Successfully deleted: [Registry Key] hkey_current_user\software\sweetim Successfully deleted: [Registry 
Key] hkey_local_machine\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetie.ietoolbar.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.sweetie.1 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] 
hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\funmoodslatest_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\funmoodslatest_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_2_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_2_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Key] 
hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\sweetim" Failed to delete: [Folder] "C:\Users\Familie\appdata\local\smartbar" Failed to delete: [Folder] "C:\Program Files (x86)\sweetim" Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller" Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Users\Familie\appdata\locallow\asktoolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\invalidprefs.js Successfully deleted: [File] 
C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\searchplugins\askcom.xml Successfully deleted: [Folder] C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\prefs.js user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=nt&installDate=01/01/1970"); user_pref("browser.search.selectedEngine", "Web Search"); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=b50dec5c-a680-49e7-92ab-90312fa3caf9&searchtype=ds&installDate=01/01/1970&q="); Emptied folder: C:\Users\Familie\AppData\Roaming\mozilla\firefox\profiles\5p2kkb4x.default\minidumps [50 files] ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.03.2013 at 22:18:16.17 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
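The prefs.js entries that JRT removed in the log above are what sent new tabs and address-bar searches to feed.snap.do. The following Python check is an added example, not part of the thread or of JRT: it audits prefs.js text for the same redirect prefs. The allow-list, the function names and the homepage line in the sample are assumptions; the other sample lines are trimmed from the log.

```python
import re
from urllib.parse import urlparse

# Prefs that steer new tabs, address-bar searches and the start page.
WATCHED = ("browser.newtab.url", "keyword.URL", "browser.startup.homepage",
           "browser.search.selectedEngine")
# Assumption: this user expects only Google; adjust per machine.
ALLOWED_HOSTS = ("google.com", "google.de")
ALLOWED_ENGINES = ("Google",)
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Constructed sample: lines trimmed from the JRT log, plus one benign homepage line.
SAMPLE = '''\
user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOB&searchtype=nt");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOB&searchtype=ds&q=");
'''

def parse_prefs(text):
    """Map pref name -> value for each user_pref() line, string quotes removed."""
    found = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip().strip('"') for m in found if m}

def host_of(value):
    """Hostname of an http(s) URL, else None; accepts defanged hxxp:// from logs."""
    p = urlparse(re.sub(r"^hxxp", "http", value.strip(), flags=re.I))
    return p.hostname if p.scheme in ("http", "https") else None

def is_allowed(host):
    """Exact match or true subdomain only, so google.com.example.net is not trusted."""
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def audit(text):
    """Return (pref, offending value) pairs for watched prefs outside the allow-list."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in WATCHED:
            continue
        for part in value.split("|"):  # the homepage pref may hold several URLs
            host = host_of(part)
            if host and not is_allowed(host):
                findings.append((name, host))
            elif not host and name.endswith("Engine") and part not in ALLOWED_ENGINES:
                findings.append((name, part))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against a copy of the profile's prefs.js taken while Firefox is closed, since the browser rewrites that file.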
18.03.2013, 00:21 | #6 |
/// Helper Team | Snap.do Trojan How does it look? Is it still there? |
18.03.2013, 17:32 | #7 |
| Snap.do Trojan Hello, no! Thanks. How did you do that??? Regards, Samd |
18.03.2013, 20:45 | #8 |
/// Helper Team | Snap.do Trojan Removed Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. After that: ESET Online Scanner
After that: Please download SecurityCheck and:
|
19.03.2013, 19:53 | #9 |
| Snap.do Trojan Hello, asw does not run to completion. This error message appears: "avast! antirootkit has stopped working. The program must be closed." Avast is deactivated. I will post the other logs as soon as they are finished. Regards, Samd |
19.03.2013, 20:37 | #10 |
/// Helper Team | Snap.do Trojan All right! |
20.03.2013, 13:00 | #11 |
| Snap.do Trojan Hello, No. 1: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2a67d45f84cde048ae73dd03ccc54d21 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-10 02:08:17 # local_time=2012-11-10 03:08:17 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 32585533 32585533 0 0 # compatibility_mode=5893 16776574 100 94 32584309 104181975 0 0 # compatibility_mode=8192 67108863 100 0 4147 4147 0 0 # scanned=20240 # found=0 # cleaned=0 # scan_time=4372 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2a67d45f84cde048ae73dd03ccc54d21 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-11 01:04:17 # local_time=2012-11-11 02:04:17 (+0100, Mitteleuropäische Zeit) # 
country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 32590663 32590663 0 0 # compatibility_mode=5893 16776574 100 94 32589439 104187105 0 0 # compatibility_mode=8192 67108863 100 0 9277 9277 0 0 # scanned=75653 # found=0 # cleaned=0 # scan_time=38603 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2a67d45f84cde048ae73dd03ccc54d21 # engine=13429 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-20 11:51:34 # local_time=2013-03-20 12:51:34 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 85 93 268258 140490166 0 0 # compatibility_mode=5893 16776574 100 94 43812478 115410144 0 0 # scanned=203644 # found=3 # cleaned=0 # scan_time=60930 sh=407837A1D9ADA53A32EC954E31C739C5DAD3AC94 ft=1 fh=d6417535bd706cba vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Familie\AppData\Local\Temp\OptimizerPro.exe" sh=DA33E0E8FE7B06804C66C24016987ABA775BD119 ft=1 fh=999a9d274d6e0653 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="C:\Users\Familie\AppData\Local\Temp\DM\zipper_031\software\OptimizerPro.exe" sh=91783DF9A9D43E6DB80D2BBBE3415358BA0604A2 ft=1 fh=9283975beb9c7ccf vn="multiple threats" ac=I fn="C:\Windows\Temp\RegistryOptimizer.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Internet Security Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.6.602.180 Mozilla Firefox (19.0.2) Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
20.03.2013, 19:37 | #12 | |
/// Helper Team | Snap.do Trojan Quote:
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards, post (copy and paste) what is displayed for you here: http://tools.trojaner-board.de/plugincheck.html
Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards, post (copy and paste) what is displayed for you here: http://tools.trojaner-board.de/plugincheck.html |
21.03.2013, 18:58 | #13 |
| Snap.do Trojan Hello, here is the copy:
PluginCheck The PluginCheck helps to close the biggest security holes when surfing the Internet. It checks: browser, Flash, Java and Adobe Reader version. Firefox 19.0 is up to date. Flash (11,6,602,180) is up to date. Java (1,7,0,17) is up to date. Adobe Reader is not installed or not enabled.
No. 2: PluginCheck The PluginCheck helps to close the biggest security holes when surfing the Internet. It checks: browser, Flash, Java and Adobe Reader version. Firefox 19.0 is up to date. Flash (11,6,602,180) is up to date. Java is installed but not enabled. Adobe Reader is not installed or not enabled.
Question: How do I prevent this crap? Which programs does it come from? Regards, Samd |
21.03.2013, 19:18 | #14 |
/// Helper Team | Snap.do Trojan OptimizerPro.exe Do not download any optimizers, cleaners or boosters! Very good! With that you are clean and discharged!
Remove adwCleaner
Tool cleanup with OTL
We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
Resetting the security zones
Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Emptying the system restore points
So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this, we switch System Restore off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
21.03.2013, 20:17 | #15 |
| Snap.do Trojan Shit, now a "Delta Search" window opens in the browser. That is also something nobody needs. Do I need your help again? I could not uninstall adw. Regards, Samd Does this help? Code:
ATTFilter Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 17 Java version out of Date! Adobe Flash Player 11.6.602.180 Mozilla Firefox (19.0.2) Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |